Podcasts about security risks

Guest: Charles Burton. Canada lowers tariffs on Chinese EVs to court Beijing; Burton warns this "strategic partnership" ignores security risks regarding data collection and Chinese influence operations.GREENLAND.

Episode 285: Join us this week on TechTime Radio with Nathan Mumm: The Show That Makes You Go "HMMM." Welcome to our show as we guide you through all things tech with a lil' whiskey on the side.This week on TechTime Radio, we cut through a week where algorithms, automation, and accountability all collided. We opened with TikTok's regulatory shakeup, where EU pressure and U.S. oversight triggered an algorithm reset that left creators scrambling. The conversation centered on what responsible design looks like when addictive features meet real duty of care, especially for younger users.We shifted to the automotive world this week, from Waymo scraping parked cars to a D.C. robo‑minibus that froze in the middle of the lane after a minor crash. The show explained how fragile edge cases and confusing human handoffs still make these systems unreliable, even as automation becomes more common. We wrapped up with enterprise updates, new security concerns, and a hands-on look at Gwen Ways Gadget, the Ziea-One, the calendar-organizer clock robot, all finished off with a lively American whiskey tasting that sparked plenty of debate.Feed fatigue, robo-fender-benders, and a desk gadget with egg eyes take center stage as we untangle a week where regulation, automation, and attention collide. We start with TikTok's new reality: EU regulators label its design addictive, while U.S. oversight and ownership shifts trigger a jarring algorithm reset. Creators see their niche content vanish, reach plummet, and feeds feel sanitized or broken. We explore what accountability looks like when infinite scroll and autoplay meet duty of care—especially for younger users—and whether smarter design can keep discovery without weaponizing compulsion.Then we pivot to the streets, where autonomy hit a pothole. A Waymo vehicle, even with a specialist onboard, scraped parked cars; a D.C. robo-minibus froze mid-lane after a minor crash; and an AI-enhanced used-car listing offered up cobblestone floor mats and two gear shifters. It's funny until it isn't. We cut through the headlines to the heart of the problem: brittle edge cases, unclear handoffs, and the non-negotiable need for human-in-the-loop safeguards. From staged rollouts to geofencing and real-world failover plans, we map the practices that separate novelty from reliability.On the enterprise side, Microsoft's long goodbye to Exchange Web Services sounds mundane—until your calendar syncs and SaaS bridges hiccup. We explain the timeline, what's replacing EWS, and how to audit your hidden dependencies before 2027 arrives. To actually tame your day, we test-drive Zia One, a Kickstarter AI calendar that merges Google, Outlook, and more into a glanceable desktop display with voice commands, Pomodoro timers, and playful animations. It's a focused bet on ambient computing—and we share how to evaluate crowdfunded hardware for real-world viability.Security stakes stay high as Coinbase reports a contractor-enabled data access incident, complete with leaked screenshots of internal tools. We detail why outsourced support is a prime attack surface and lay out a practical blueprint for least privilege, session monitoring, and vendor governance. And yes, we sip through a four-bottle American whiskey flight, trade takes on flavor and finish, and crown a winner—with a few confident opinions that may not age well.Hit play for a fast, clear, and funny tour through the week's most consequential tech shifts, grounded in practical steps you can apply today. If you enjoy the show, subscribe, share it with a friend, and leave us a review—then tell us: which trend needs the toughest guardrails right now?Support the show

In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS attack, and data breaches linked to the Shiny Hunters group targeting Harvard and the University of Pennsylvania.  From discussing the porous architecture of AI agents to exploring how attackers exploited AWS credentials in unsecured S3 buckets, this episode sheds light on the accelerated risks posed by AI in cybersecurity. Additionally, Jim Love speaks about the critical need for proactive measures and the inadequacies in current security frameworks. Hashtag Trending would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/htt 00:00 Introduction and Sponsor Message 00:20 Open Clause Marketplace and AI Threats 00:46 AI Agents and Security Risks 01:09 OpenClaw's Vulnerabilities 02:06 Malicious Skills in OpenClaw 03:37 Strategies for CIOs 04:38 AWS Breach Accelerated by AI 08:27 Shiny Hunters and University Data Breaches 10:48 Conclusion and Sponsor Message

What does AI really mean in simple terms? What are the biggest security and privacy risks for companies—especially in healthcare? How can organizations manage these risks effectively and stay compliant with fast-changing AI regulations? And why should businesses and professionals consider getting certified in ISO 42001, the new international standard for AI management systems?In this episode, Punit Bhatia talks with Walter Haydock, an expert in AI security and compliance, about how companies can use ISO 42001 to manage AI responsibly. They discuss the real-world risks of AI, practical steps to reduce them, and why certification can help build trust, credibility, and resilience in an AI-powered world.

Acknowledgement of Country// Headlines//Public housing residents seek court injunction to stop Homes Victoria evictionsGaza and West Bank updateProtests against Herzog visit Tenant's personal details exposed online by real estate rental platforms 'compost:compose' Live Performance and Program//Rasha Tayeh, Palestinian artist, curator, herbalist, and founder of Beit e'Shai Teahouse, joined Inez to discuss the creation of 'compost : compose', an arts project inviting artists to reflect on the purpose of art in times of ongoing genocide, social decay and climate crisis. Through a live performance weaving music, poetry, and movement, the work responds to and asks, how we might compost old structures, tend to grief, and decompose inherited ways of being, to make space for the new composing new imaginaries — rooted in care, repair, and collective liberation.Live performance on Wednesday the 18th of February, 7PM @ Next Wave, 270 Sydney Rd, Brunswick. Sliding scale tickets available from $10.Free public program on Saturday the 21st February, 3PM @ Next Wave. RSVP is essential.Follow the artists here // 'Through Our Eyes' Photography Exhibition//wani toaishara (co-curator) and Hussein Abdirahman Mohamud (artist) joined Inez to discuss the upcoming 'Through Our Eyes' photography exhibition, inviting audiences into a living archive of African-Australian experiences and curated by returning guest Dr Ibukun Oloruntoba. The exhibition responds to the pressing need for self-representation and visibility for the African diaspora living in Australia, examining how experiences of love, belonging, and resilience emerge in everyday life. Each artist's work investigates love as a connective force, whether through the quiet intimacies of brotherhood, the collective sanctuary of community or the resilience nurtured in and beyond public housing estates.Join them for a very special opening night next Friday the 13th of February, 6PM @ Blakdot Gallery, 33 Saxon Street Brunswick - running until Sunday 8th of March.Follow the artists here.// Rent Tech and Tenant Data Security Risks//Digital justice advocate, writer and researcher Samantha Floreani is a digital justice advocate and writer, joined us to discuss the rise and risks of rental technology and how the integration of these platforms into rental tenancies creates a demonstrable threat to privacy and security. Samantha is currently undertaking PhD research into the ways that digital technologies in so-called Australia's private rental sector impacts renters and housing justice. You can read the report ‘Implications of tenant data collection in housing: protecting Australian renters', which Samantha contributed to, here, and this week's Guardian exclusive on rent tech privacy breaches here.// Planned Demolition of Older Persons' Public Housing Towers//Fiona York, Executive Officer of Housing for the Aged Action Group, spoke with us about the Allan Labor Government's announcement last week of plans to demolish 7 older persons' public housing towers in the next stage of its high-rise redevelopment program. This move will erase over half of Melbourne's dedicated high-rise public housing for people over the age of 55 years, sparking concern and condemnation by grassroots groups and the community sector about the impact that relocation and estate redevelopment will have on elderly public tenants. While the 13 older persons' towers are included in the overall high-rise redevelopment program, tenants and advocates were led to believe that these buildings would not be up for demolition until significantly later in the program. Read Housing for the Aged Action Group's statement on last week's announcement here, and catch Fiona and the HAAG crew on 3CR's Raise the Roof program every Wednesday from 5:30-6PM.//

Guest Angela Nakalembe, AI and Safety Expert, joins to discuss increase in AI technology, and the challenges to decipher what is real or fake online. Discussion of concerns to children, AI online bullying, tools for education, and more.  Democrats threaten another government shutdown until Congress defunds ICE. What? Discussion of appropriations process, Democrats attempt to redeem themselves for political gain during election season, and how far could a government shutdown go. 

Running a small business, especially from home, puts your data at risk in ways you might not expect. I'll discuss what I see as the five biggest security threats facing small teams.

In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They discuss: La France is tres sérieux about ditching US productivity software China's Salt Typhoon was snooping on Downing Street Trump wields the mighty DISCOMBOBULATOR ESET says the Polish power grid wiper was Russia's GRU Sandworm crew US cyber institutions CISA and NIST are struggling Voice phishing for MFA bypass is getting even more polished This episode is sponsored by Sublime Security. Brian Baskin is one of the team behind Sublime's 2026 Email Threat Research report. He joins to talk through what they see of attackers' use of AI, as well as the other trends of the year. This episode is also available on Youtube. Show notes France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform' amid security concerns | Euronews Suite Numérique plan - Google Search China hacked Downing Street phones for years Cyberattack Targeting Poland's Energy Grid Used a Wiper Trump says U.S. used secret 'discombobulator' on Venezuelan equipment during Maduro raid | PBS News Risky Bulletin: Cyberattack cripples cars across Russia - Risky Business Media Lawmakers probe CISA leader over staffing decisions | CyberScoop Trump's acting cyber chief uploaded sensitive files into a public version of ChatGPT - POLITICO Acting CISA director failed a polygraph. Career staff are now under investigation. - POLITICO NIST is rethinking its role in analyzing software vulnerabilities | Cybersecurity Dive Federal agencies abruptly pull out of RSAC after organizer hires Easterly | Cybersecurity Dive Real-Time phishing kits target Okta, Microsoft, Google Phishing kits adapt to the script of callers On the Coming Industrialisation of Exploit Generation with LLMs – Sean Heelan's Blog GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" - Ars Technica Bypassing Windows Administrator Protection - Project Zero Task Failed Successfully - Microsoft's “Immediate” Retirement of MDT - SpecterOps Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission WhatsApp's Latest Privacy Protection: Strict Account Settings - WhatsApp Blog Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: Reports | TechCrunch He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive | WIRED Key findings from the 2026 Sublime Email Threat Research Report

In the first podcast from issue 17 of Thinking Business, Partner Charlotte Clayson is joined by Rupert Small, Founder and CEO of Egregious, to explore the growing cyber risks associated with the rapid adoption of artificial intelligence in business.Rupert shares his perspective on the key cyber security, data protection and ethical challenges organisations face when implementing AI tools, from managing employee use of third party AI systems to safeguarding sensitive commercial and personal data. The discussion also looks at how businesses can reduce bias and discrimination risks, put practical protections in place, and strike the right balance between innovation, legal compliance and responsible AI use.

In this episode of the China Desk Podcast, Luke de Pulford of the Inter-Parliamentary Alliance on China (IPAC) joins host Steve Yates to examine China's proposed “mega embassy” in London, the national security risks tied to Five Eyes intelligence cables, and how Western governments are capitulating under economic pressure from Beijing. The conversation explores parliamentary resistance, grassroots opposition, CCP coercion tactics, and why Taiwan, supply chains, and global deterrence now define the century's central geopolitical struggle. Watch Full-Length Interviews: https://www.youtube.com/@ChinaDeskFNW

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. We take a short break from our 2-part series with Mike Volkov to review the issues arising from the Trump Administration's invasion of Venezuela. Matt Ellis joins Tom Fox to look at what all this means for companies looking to do business in Venezuela. They discuss the complex landscape of doing business in Venezuela, focusing on the rampant corruption, security challenges, and the implications of U.S. sanctions. They explore the risks associated with engaging with the national oil company, PdVSA, and the broader implications for U.S. companies considering re-entry into the Venezuelan market. The conversation also touches on Cuba's role, international organizations, and the potential for infrastructure rebuilding in Venezuela, emphasizing the need for long-term strategies and careful risk management. Key highlights: Navigating Corruption and Security Risks in Business Banking and Money Laundering Concerns Cuba's Role and Sanctions Implications International Organizations and Corruption Regulations Infrastructure Rebuilding in Venezuela Long-term Strategies for Companies Resources: Matt Ellis on LinkedIn Miller & Chevalier LLC Tom Fox Instagram Facebook YouTube Twitter LinkedIn Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest: Cleo Paskal. Paskal details severe corruption in Saipan, where Chinese interests have exploited visa loopholes and influenced local politics via a casino. Illegal entry by Chinese nationals poses security risks to nearby Guam, though Palau is receiving U.S. assistance to strengthen defenses against similar influence operations.1944 SAIPAN

Although geographically distant from Chinese shores, Latin America and the Caribbean occupy an important place in Chinese foreign policy. In the past decade, China has significantly expanded its influence in the region. The main vector of Chinese involvement has been economic, including securing access to commodities such as soybeans, copper, oil, and lithium, creating markets for Chinese companies, and deepening financial ties through trade, lending, and infrastructure investment.  On December 10, China released a new white paper on its relationship with Latin America and the Caribbean, the third such document following earlier editions in 2008 and 2016. The White Paper characterizes the region as “an essential force in the process toward a multipolar world and economic globalization.” Its release came on the heels of the Trump Administration's release of its National Security Strategy, which places unprecedented emphasis on the Western Hemisphere and asserts that the US seeks a region “free of hostile foreign incursion or ownership of key assets,” highlighting the growing strategic salience of Latin America and the Caribbean in US-China competition.  To discuss the new White Paper and the implications of China's policies in the LAC for the United States and US-China relations, we are joined by Dr. Evan Ellis. Dr. Ellis is a research professor of Latin American studies at the U.S. Army War College Strategic Studies Institute. He previously served on the Secretary of State's policy planning staff with responsibility for Latin America and the Caribbean as well as international narcotics and law enforcement issues.Timestamps:[00:00] Introduction[02:07] US and China on a Collision Course? [04:50] Chinese Priorities in Latin America [08:33] U.S. Security Risks from Chinese Port Investments[11:45] How China Uses CELAC to Advance Its Agenda[14:27] How Latin Americans View China's Growing Presence[17:22] Honduras and the Republic of China[21:22] How Beijing Might Address U.S. Concerns [25:09] China's Reaction to US and Venezuela  

Connect with Early Riders // Connect with OnrampPresented collaboratively by Early Riders & Onramp Media…Final Settlement is a weekly podcast covering capital markets, dealmaking, early-stage venture, bitcoin applications and protocol development.00:00 - Welcome Back and Market Overview02:47 - Inflation and Asset Trends05:44 - Regulatory Changes and Institutional Adoption08:53 - Security Risks and Custody Solutions11:52 - Market Sentiment and Long-Term Thinking14:57 - The Role of AI and Future Predictions33:15 - Navigating the Content Proliferation Challenge35:59 - The Future of Value in Digital Content40:19 - Stablecoins vs. Bitcoin: The Future of Transactions42:10 - Tether's Strategic Positioning in Global Markets48:43 - The Shift of Talent and Capital to Favorable Jurisdictions56:17 - Understanding the Economic Landscape and Future OpportunitiesIf you found this valuable, please subscribe to Early Riders Insights for access to the best content in the ecosystem weekly.Links discussed:https://x.com/exec_sum/status/2005751198725640395?s=20https://x.com/bearlyai/status/2006474217206985085?s=20https://x.com/paoloardoino/status/2002414704753586398?s=20Keep up with Michael:https://x.com/MTangumahttps://www.linkedin.com/in/mtanguma/Keep up with Brian:https://x.com/BackslashBTChttps://www.linkedin.com/in/brian-cubellis-00b1a660/Keep up with Liam:https://x.com/Lnelson_21https://www.linkedin.com/in/liam-nelson1/

In this episode, we cover Claude's Chrome plugin becoming available to all paid users and what the rollout means for everyday workflows. We also break down the potential security and privacy risks tied to browser-based AI tools and why users should be cautious as adoption accelerates.Try Delve: https://delve.co/Get the top 40+ AI Models for $20 at AI Box: ⁠⁠https://aibox.aiJoin my AI Hustle Community: https://www.skool.com/aihustleSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-425

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Show Notes: https://securityweekly.com/bsw-425

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-425

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Show Notes: https://securityweekly.com/bsw-425

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

On Hands-On Tech, helps out helps listener Daniel switch their MFA from Authy to another app, and explains why it's going to be a more tedious process than with other MFA's. Don't forget to send in your questions for Mikah to answer during the show to hot@twit.tv! Host: Mikah Sargent Download or subscribe to Hands-On Tech at https://twit.tv/shows/hands-on-tech Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

CrowdStrike research into AI coding assistants reveals a new, subtle vulnerability surface: When DeepSeek-R1 receives prompts the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security flaws increases by up to 50%. Stefan Stein, manager of the CrowdStrike Counter Adversary Operations Data Science team, joined Adam and Cristian for a live recording at Fal.Con 2025 to discuss how this project got started, the methodology behind the team's research, and the significance of their findings. The research began with a simple question: What are the security risks of using DeepSeek-R1 as a coding assistant? AI coding assistants are commonly used and often have access to sensitive information. Any systemic issue can have a major and far-reaching impact.  It concluded with the discovery that the presence of certain trigger words — such as mentions of Falun Gong, Uyghurs, or Tibet — in DeepSeek-R1 prompts can have severe effects on the quality and security of the code it produces. Unlike most large language model (LLM) security research focused on jailbreaks or prompt injections, this work exposes subtle biases that can lead to real-world vulnerabilities in production systems. Tune in for a fascinating deep dive into how Stefan and his team explored the biases in DeepSeek-R1, the implications of this research, and what this means for organizations adopting AI. 

This week, Lois Houston and Nikita Abraham are joined by Principal OCI Instructor Orlando Gentil to explore what truly keeps data safe, and what puts it at risk.   They discuss the CIA triad, dive into hashing and encryption, and shed light on how cyber threats like malware, phishing, and ransomware try to sneak past defenses.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ------------------------------------------ Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hey everyone! Last week, we discussed how you can keep your data safe with authentication and authorization. Today, we'll talk about various security risks that could threaten your systems. 00:48 Lois: And to help us understand this better, we have Orlando Gentil, Principal OCI Instructor, back with us. Orlando, welcome back! Let's start with the big picture—why is security such a crucial part of our digital world today? Orlando: Whether you are dealing with files stored on a server or data flying across the internet, one thing is always true—security matters. In today's digital world, it's critical to ensure that data stays private, accurate, and accessible only to the right people.  01:20 Nikita: And how do we keep data private, secure, and unaltered? Is there a security framework that we can use to make sense of different security practices? Orlando: The CIA triad defines three core goals of information security.  CIA stands for confidentiality. It's about keeping data private. Only authorized users should be able to access sensitive information. This is where encryption plays a huge role. Integrity means ensuring that the data hasn't been altered, whether accidentally or maliciously. That's where hashing helps. You can compare a stored hash of data to a new hash to make sure nothing's changed. Availability ensures that data is accessible when it's needed. This includes protections like system redundancy, backups, and anti-DDoS mechanisms. Encryption and hashing directly support confidentiality and integrity. And they indirectly support availability by helping keep systems secure and resilient. 02:31 Lois: Let's rewind a bit. You spoke about something called hashing. What does that mean? Orlando: Hashing is a one-way transformation. You feed in data and it produces a unique fixed length string called a hash. The important part is the same input always gives the same output, but you cannot go backward and recover the original data from the hash. It's commonly used for verifying integrity. For example, to check if a file has changed or a message was altered in transit. Hashing is also used in password storage. Systems don't store actual passwords, just their hashes. When you log in, the system hashes what you type it and compare the stored hash. If they match, you're in. But your actual password was never stored or revealed. So hashing isn't about hiding data, it's about providing it hasn't changed. So, while hashing is all about protecting integrity, encryption is the tool we use to ensure confidentiality. 03:42 Nikita: Right, the C in CIA. And how does it do that? Orlando: Encryption takes readable data, also known as plaintext, and turns it into something unreadable called ciphertext using a key. To get the original data back, you need to decrypt it using the right key. This is especially useful when you are storing sensitive files or sending data across networks. If someone intercepts the data, all they will see is gibberish, unless they have the correct key to decrypt it. Unlike hashing, encryption is reversible as long as you have the right key. 04:23 Lois: And are there different types of encryption that serve different purposes? Orlando: Symmetric and asymmetric encryption. With symmetric encryption, the same key is used to both encrypt and decrypt the data. It's fast and great for securing large volumes of data, but the challenge lies in safely sharing the key. Asymmetric encryption solves that problem. It uses a pair of keys: public key that anyone can use to encrypt data, and a private key that only the recipient holds to decrypt it. This method is more secure for communications, but also slower and more resource-intensive. In practice, systems often use both asymmetric encryption to exchange a secure symmetric key and then symmetric encryption for the actual data transfer. 05:21 Nikita: Orlando, where is encryption typically used in day-to-day activities? Orlando: Data can exist in two primary states: at rest and in transit. Data at rest refers to data stored on disk, in databases, backups, or object storage. It needs protection from unauthorized access, especially if a device is stolen or compromised. This is where things like full disk encryption or encrypted storage volumes come in. Data in transit is data being sent from one place to another, like a user logging into a website or an API sending information between services. To protect it from interception, we use protocols like TLS, SSL, VPNs, and encrypted communication channels. Both forms data need encryption, but the strategies and threats can differ. 06:19 Lois: Can you do a quick comparison between hashing and encryption? Orlando: Hashing is one way. It's used to confirm that data hasn't changed. Once data is hashed, it cannot be reversed. It's perfect for use cases like password storage or checking the integrity of files. Encryption, on the other hand, it's two-way. It's designed to protect data from unauthorized access. You encrypt the data so only someone with the right key can decrypt and read it. That's what makes it ideal for keeping files, messages, or network traffic confidential. Both are essential for different reasons. Hashing for trust and encryption for privacy. 07:11 Adopting a multicloud strategy is a big step towards future-proofing your business and we're here to help you navigate this complex landscape. With our suite of courses, you'll gain insights into network connectivity, security protocols, and the considerations of working across different cloud platforms. Start your journey to multicloud today by visiting mylearn.oracle.com.  07:39 Nikita: Welcome back! When we talk about cybersecurity, we hear a lot about threats and vulnerabilities. But what do those terms really mean? Orlando: In cybersecurity, a threat is a potential danger and a vulnerability is a weakness an asset possess that a threat can exploit. When a threat and a vulnerability align, it creates a risk of harm. A threat actor then performs an exploit to leverage that vulnerability, leading to undesirable impact, such as data loss or downtime. After an impact, the focus shifts to response and recovery to mitigate damage and restore operations.  08:23 Lois: Ok, let's zero in on vulnerabilities. What counts as a vulnerability, and what categories do attackers usually target first?  Orlando: Software and hardware bugs are simply unintended flaws in a system's core programming or design. Misconfigurations arise when systems aren't set up securely, leaving gaps. Weak passwords and authentication provide easy entry points for attackers. A lack of encryption means sensitive data is openly exposed. Human error involves mistakes made by people that unintentionally create security risks. Understanding these common vulnerability types is the first step in building more resilient and secure systems as they represent the critical entry points attackers leverage to compromise systems and data. By addressing these, we can significantly reduce our attack surface and enhance overall security.  09:28 Nikita: Can we get more specific here? What are the most common cybersecurity threats that go after vulnerabilities in our systems and data? Orlando: Malware is a broad category, including viruses, worms, Trojans, and spyware. Its goal is to disrupt or damage systems. Ransomware has been on the rise, targeting everything from hospitals to government agencies. It lock your files and demands a ransom, usually in cryptocurrency. Phishing relies on deception. Attackers impersonate legitimate contacts to trick users into clicking malicious links or giving up credentials. Insider threats are particularly dangerous because they come within employees, contractors, or even former staff with lingering access. Lastly, DDoS attacks aim to make online services unavailable by overwhelming them with traffic, often using a botnet—a network of compromised devices. 10:34 Lois: Orlando, can you walk us through how each of these common cybersecurity threats work? Orlando: Malware, short for malicious software, is one of the oldest and most pervasive types of threats. It comes in many forms, each with unique methods and objectives. A virus typically attaches itself to executable files and documents and spreads when those are shared or opened. Worms are even more dangerous in networked environments as they self-replicate and spread without any user action. Trojans deceive users by posing as harmless or helpful applications. Once inside, they can steal data or open backdoors for remote access. Spyware runs silently in the background, collecting sensitive information like keystrokes or login credentials. Adware might seem like just an annoyance, but it can also track your activity and compromise privacy. Finally, rootkits are among the most dangerous because they operate at a low system level, often evading detection tools and allowing attackers long-term access. In practice, malware can be a combination of these types. Attackers often bundle different techniques to maximize damage.  12:03 Nikita: And what about ransomware? Why it is such a serious threat? Orlando: Ransomware has become one of the most disruptive and costly types of cyber attacks in recent years. Its goal is simple but devastating, to encrypt your data and demand payment in exchange for access. It usually enters through phishing emails, insecure remote desktop protocol ports or known vulnerabilities. Once inside, it often spreads laterally across the network before activating, ensuring maximum impact. There are two common main forms. Crypto ransomware encrypts user files, making them inaccessible. Locker ransomware goes a step further, locking the entire system interface, preventing any use at all. Victims are then presented with a ransom note, typically requesting cryptocurrency payments in exchange for the decryption key. What makes ransomware so dangerous is not just the encryption itself, but the pressure it creates. Healthcare institutions, for instance, can't afford the downtime, making them prime targets.  13:18 Lois: Wow. Thanks, Orlando, for joining us today.  Nikita: Yeah, thanks Orlando. We'll be back next week with more on how you use security models to tackle these threats head-on. And if you want to learn about the topics we covered today, go to mylearn.oracle.com and search for the Cloud Tech Jumpstart  course. Until next time, this is Nikita Abraham… Lois: And Lois Houston, signing off! 13:42 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

In this episode of Alexa's Input (AI) Podcast, host Alexa Griffith sits down with Liana Tomescu, founder of Sonny Labs and host of the AI Hacks podcast. Dive into the world of AI security and compliance as Liana shares her journey from Microsoft to founding her own company. Discover the challenges and opportunities in making AI applications secure and compliant, and learn about the latest in AI regulations, including the EU AI Act. Whether you're an AI enthusiast or a tech professional, this episode offers valuable insights into the evolving landscape of AI technology.LinksSonnyLabs Website: https://sonnylabs.ai/SonnyLabs LinkedIn: https://www.linkedin.com/company/sonnylabs-ai/Liana's LinkedIn: https://www.linkedin.com/in/liana-anca-tomescu/Alexa's LinksLinkTree: https://linktr.ee/alexagriffithAlexa's Input YouTube Channel: https://www.youtube.com/@alexa_griffithWebsite: https://alexagriffith.com/LinkedIn: https://www.linkedin.com/in/alexa-griffith/Substack: https://alexasinput.substack.com/KeywordsAI security, compliance, female founder, Sunny Labs, EU AI Act, cybersecurity, prompt injection, AI agents, technology innovation, startup journeyChapters00:00 Introduction to Liana Tomescu and Sunny Labs02:53 The Journey of a Female Founder in Tech05:49 From Microsoft to Startup: The Transition09:04 Exploring AI Security and Compliance11:41 The Role of Curiosity in Entrepreneurship14:52 Understanding Sunny Labs and Its Mission17:52 The Importance of Community and Networking20:42 MCP: Model Context Protocol Explained23:54 Security Risks in AI and MCP Servers27:03 The Future of AI Security and Compliance38:25 Understanding Prompt Injection Risks45:34 The Shadow AI Phenomenon45:48 Navigating the EU AI Act52:28 Banned and High-Risk AI Practices01:00:43 Implementing AI Security Measures01:17:28 Exploring AI Security Training

PREVIEW. The DeepSeek AI Model: Low Cost, Open Source, and Security Risks. John Batchelor and Jack Burnham discuss the US-China AI contest and microchips, noting China's ban on the best chips. DeepSeek, an open-source, low-cost model, is appealing but may not perform as well as American models. Concerns persist about its true costs, potential use of Nvidia chips, and security flaws like providing CCP talking points. 1954

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

AI-powered web browsers are hitting the scene fast, but Steve and Leo unpack why these smart assistants could usher in an era of security chaos most users aren't ready for. Brace yourself for the wild risks, real-world scams, and the privacy questions no one else is asking. Secret radios discovered in Chinese-made busses. Edge & Chrome introduce LLM-based "scareware" blocking. A perfect example of what scareware blocking hopes to prevent. Aardvark: OpenAI's new vulnerability scanner for code. Italy to require age verification from 48 specific sites. Russia to require the use of only Russian software within Russia. Russia further clamping down on non-MAX Telegram and WhatsApp messaging. 187 new malicious NPM packages. Could AI help with that? BadCandy malware has infiltrated Australian Cisco routers. Github's 2025 report with the dominance of TypeScript. Windows 11 gets new extra-secure Admin Protection feature. A bunch of interesting feedback and listener thoughts. And why the new AI-driven web browsers may be bringing a whole new world of hurt Show Notes - https://www.grc.com/sn/SN-1050-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bitwarden.com/twit joindeleteme.com/twit promo code TWIT canary.tools/twit - use code: TWIT bigid.com/securitynow threatlocker.com for Security Now

Send us a textSecurity gets sharper when we stop treating AI like magic and start treating it like an untrusted user. We sit down with Eric Galinkin to unpack the real-world ways red teams and defenders are using language models today, where they fall apart, and how to build guardrails that hold up under pressure. From MCP servers that look a lot like ordinary APIs to the messy truths of model hallucination, this conversation trades buzzwords for practical patterns you can apply right now.Eric shares takeaways from Offensive AI Con: how models help triage code and surface likely bug classes, why decomposed workflows beat “find all vulns” prompts, and what happens when toy benchmarks meet stubborn, real binaries. We explore reinforcement learning environments as a scalable way to train security behaviors without leaking sensitive data, and we grapple with the uncomfortable reality that jailbreaks aren't going away—so output validation, sandboxing, and principled boundaries must do the heavy lifting.We also dig into Garak, the open-source system security scanner that targets LLM-integrated apps where it hurts: prompted cross-site scripting, template injection in Jinja, and OS command execution. By mapping findings to CWE, Garak turns vague model “misbehavior” into concrete fixes tied to known controls. Along the way, we compare GPT, Claude, and Grok, talk through verification habits to counter confident nonsense, and zoom out on careers: cultivate niche depth, stay broadly literate, and keep your skepticism calibrated. If you've ever wondered how to harness AI without handing it the keys to prod, this one's for you.Enjoyed the episode? Follow, share with a teammate, and leave a quick review so more builders and defenders can find the show.Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

On this episode of the Tudor Dixon Podcast, Nebraska Attorney General Mike Hilgers exposes the growing threats posed by foreign surveillance technology—especially from Chinese companies—and what it means for American privacy and national security. From everyday devices like baby monitors to popular apps such as TikTok, Hilgers warns how consumer technology can be weaponized for espionage, data harvesting, and misinformation campaigns. He underscores the urgent need for federal action and stronger safeguards while urging individuals to stay vigilant about the products and platforms they trust. The Tudor Dixon Podcast is part of the Clay Travis & Buck Sexton Podcast Network. For more visit TudorDixonPodcast.comSee omnystudio.com/listener for privacy information.

The United States and China are locked in a race for dominance in artificial intelligence, including its applications and diffusion. American and Chinese AI firms like OpenAI and DeepSeek respectively have captured global attention and major companies like Google and Microsoft have been actively investing in AI development. While the US currently boasts world-leading AI models, China is ahead in some areas of AI research and application. With the release of US and Chinese AI action plans in July, we may be on the cusp of a new phase in US-China AI competition.Why is AI so important for a country's global influence? What are the strengths of China's AI strategy? And what does China's new AI action plan tell us about its AI ambitions? To discuss these questions, we are joined by Owen Daniels. Owen is the Associate Director of Analysis at Georgetown's Center for Security and Emerging Technology and a Non-Resident Fellow at the Atlantic Council. His recently published article in Foreign Affairs co-authored with Hanna Dohmen -- titled China's Overlooked AI Strategy -- provides insights into how Beijing is utilizing AI to gain global dominance and what the US can and should do to sustain and bolster its lead.Timestamps[00:00] Start [02:05] US Policy Risks to Chinese AI Leadership [05:28] Deepseek and Kimi's Newest Models  [07:54] US vs. China's Approach to AI [10:42] Limitations to China's AI Strategy  [13:08] Using AI as a Soft Power Tool  [16:10] AI Action Plans  [19:34] Trump's Approach to AI Competition [22:30] Can China Lead Global AI Governance?  [25:10] Evolving US Policy for Open Models

This week on Blurry Hysteria, we dive into two stories that are equal parts science, sweat, and straight-up strange.First up: What if your next computer wasn't silicon but flesh? That's right—British scientists have created a "living" brain chip made of human neurons, and now you can rent it like it's a haunted Airbnb. Is it the future of computing or the first step toward Skynet with skin?Then, we travel from the uncanny valley to the swampy undercarriage of airport security. The TSA is sounding the alarm—literally—thanks to a little-known phenomenon known as “swamp crotch.” Turns out excessive groin sweat might be your ticket to a full pat-down. Moisture and metal detectors don't mix, folks.From meat-based microchips to moisture-based misfires, join us for a perfectly weird cocktail of cutting-edge tech and humid horror stories.Listen now before your pants set off national security protocols.Links & Resources

Tom and co-host Producer Drew take listeners deep into the high-stakes world of global economics, trade wars, and political theater with none other than special guest Donald Trump. As President Trump celebrates the announcement of a new, potentially game-changing trade deal with the UK, Tom and Drew rigorously break down what it really means for American exports, tariffs, and the unfolding chess match with China. The conversation doesn't pull punches, exploring not only the economic realities facing the US but also the psychological strategies behind deal-making on the world stage. Tom and Drew offer behind-the-scenes analysis of political spin, the art of negotiation, and the critical importance of international alliances in the context of escalating trade tensions. Get ready for an unvarnished exploration of geopolitics, leadership styles, and the strategies shaping the future of American business and security. SHOWNOTES00:00 – Trump's Announcement: US-UK Trade Deal Overview01:05 – Tariff Breakdown: Who Really Won?02:07 – Negotiation Psychology & Political Theater03:52 – The UK's Perspective and Global Positioning05:24 – Isolating China: The Bigger Strategic Game07:02 – Building Alliances: The Path to Outmaneuvering China09:02 – Switzerland Talks: US and China Meet, But Will Anything Change?10:13 – Economic Resilience: Comparing US and Chinese “Dry Powder”12:54 – Trade War Tactics: Currency Manipulation and Industrial Policy14:29 – Why US-China Competition is More Than Just Math16:28 – Critical Supply Chains: Chips, Drones, and Strategic Independence18:37 – Measuring Success: When Will We Know If These Deals Pay Off?20:47 – Partisan Spin and the Reality of Global Power Plays21:25 – Political Theater: Inside Congressional Testimonies and Bureaucracy23:23 – The Doge Debate: Audits, Efficiency, and Tech's Role in Government27:11 – Security Risks or Political Kabuki? The Doge Employees Controversy29:33 – Why Government Efficiency Matters & What's At Stake33:02 – Can Tech-Led Solutions Fix America's Fiscal Future? CHECK OUT OUR SPONSORS ButcherBox: Ready to level up your meals? Go to ⁠https://ButcherBox.com/impact⁠ to get $20 off your first box and FREE bacon for life with the Bilyeu Box! Vital Proteins: Get 20% off by going to ⁠https://www.vitalproteins.com⁠ and entering promo code IMPACT at check out Netsuite: Download the CFO's Guide to AI and Machine Learning at ⁠https://NetSuite.com/THEORY⁠ iTrust Capital: Use code IMPACTGO when you sign up and fund your account to get a $100 bonus at ⁠https://www.itrustcapital.com/tombilyeu⁠  Mint Mobile: If you like your money, Mint Mobile is for you. Shop plans at ⁠https://mintmobile.com/impact.⁠  DISCLAIMER: Upfront payment of $45 for 3-month 5 gigabyte plan required (equivalent to $15/mo.). New customer offer for first 3 months only, then full-price plan options available. Taxes & fees extra. See MINT MOBILE for details. What's up, everybody? It's Tom Bilyeu here: If you want my help... STARTING a business:⁠ join me here at ZERO TO FOUNDER⁠ SCALING a business:⁠ see if you qualify here.⁠ Get my battle-tested strategies and insights delivered weekly to your inbox:⁠ sign up here.⁠ ********************************************************************** If you're serious about leveling up your life, I urge you to check out my new podcast,⁠ Tom Bilyeu's Mindset Playbook⁠ —a goldmine of my most impactful episodes on mindset, business, and health. Trust me, your future self will thank you. ********************************************************************** LISTEN TO IMPACT THEORY AD FREE + BONUS EPISODES on APPLE PODCASTS:⁠ apple.co/impacttheory⁠ ********************************************************************** FOLLOW TOM: Instagram:⁠ https://www.instagram.com/tombilyeu/⁠ Tik Tok:⁠ https://www.tiktok.com/@tombilyeu?lang=en⁠ Twitter:⁠ https://twitter.com/tombilyeu⁠ YouTube:⁠ https://www.youtube.com/@TomBilyeu Learn more about your ad choices. Visit megaphone.fm/adchoices