Security Intelligence

Can IAM handle AI? Find out → https://www.ibm.com/think/podcasts/security-intelligence

A consumer just wanted to control his own personal robot vacuum with a PlayStation controller. He ended up controlling thousands of strangers’ vacuums, too.

This week on Security Intelligence, we cover one of the wildest IoT security stories in recent memory: How one user accidentally built an army of 6,700 robot vacuums, and what it means for cybersecurity pros.

Then we turn to TOAD — telephone-oriented attack delivery — a deceptively low-tech social engineering method that's quietly becoming one of attackers' favorite tools. We talk about why it works and what defenders can actually do about an attack that skips most of your defenses entirely.

And finally: healthcare's cybersecurity problems. This season of the hit medical drama The Pitt features a hospital-debilitating ransomware attack, which is perhaps one of the most realistic things to ever happen on a show known for its verisimilitude. We explore why ransomware is so prevalent in healthcare, why patching is rare and what it would actually take to change that.

00:00 -- Introduction
0:58 -- Rise of the robot vacuum army
10:02 -- Anthropic debuts Claude Code Security
24:39 -- Thwarting distillation attacks
34:23 -- Why hackers love TOADs
44:14 -- Healthcare’s cybersecurity woes

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Explore the Threat Intelligence Index 2026 → https://www.ibm.com/reports/threat-intelligence#sipod

#AIcodesecurity #vibecoding #securitydebt #IoTsecurity #vishing

AI agents are coming to the enterprise—but can we actually control them?

On this bonus episode of Security Intelligence, IBM Fellow and CTO IBM Security Sridhar Muppidi helps us dig into the rise of agentic AI security risks, from generative AI systems with backend access to autonomous agents that can schedule meetings, call APIs and automate workflows — often with highly privileged access.

Traditionally, identity and access management has (IAM) focused on human beings. Then came service accounts and API credentials. Now? We’re facing an explosion of machine identities, including a brand-new class of AI identities that blend human and machine characteristics.

How do we manage identity and access for software systems that behave like human users?

Join us for a discussion of:

What makes AI identity management different from traditional IAM

Why valid account abuse remains one of the top attack vectors — and how AI could amplify it

The risks of giving generative AI systems the keys to the kingdom

How enterprises should think about AI access control and governance

Why there’s still no clear standard for securing AI and non-human identities

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence

For years, stolen credentials were king—the hacker’s attack vector of choice. Until now.

The 2026 IBM X-Force Threat Intelligence Index reveals a surge in the exploitation of public-facing applications, overtaking identity-based attacks as the top initial access vector.

Why are threat actors changing their tactics so dramatically—and what does it mean for defenders?

In this episode of Security Intelligence, panelists Claire Nuñez, Chris Caridi and Joe Xatruch break down the biggest findings from the latest Threat Intelligence Index, plus:
Infostealers that grab AI agents’ “souls”
Compromised packages that drop AI agents as malware
The AI infrastructure flaws we can’t seem to fix
Why threat intelligence is so siloed—and what we can do about it

All that and more—on Security Intelligence.

00:00 - Intro
1:17 - Threat Intelligence Index 2026
16:22 - Stealing AI agents’ souls
28:03 - AI infrastructure flaws
36:36 - Threat intelligence made human


The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.


Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence
Explore the Threat Intelligence Index 2026 → https://www.ibm.com/reports/threat-intelligence#sipod

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Valentine’s day might be over, but love is in the air.

The love a scammer has for their victim’s wallet, that is.

In this special episode of Security Intelligence, host Matt Kosinski sits down with Claire Nunez, Suja Viswesan, and Dave Bales to break down how modern romance scams actually work: from the “wrong number” text that starts an innocent chat, to long-con “pig butchering” schemes that use emotion, trust and time to extract money — often through crypto investment bait.

The panel explains why anyone can fall for these scams, how breaches and public records can help scammers build convincing victim profiles and how AI is making the problem worse.

Finally, the team gets practical: how to talk to a loved one who may be caught in a scam, how to remove stigma so people report faster and what organizations can do when a “personal” scam becomes a corporate risk.

Key takeaways: Don’t respond to unknown numbers, treat online “investment opportunities” as a red flag and remember: if this happened to you, you’re not alone.


The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Are enterprises moving too fast with AI—and breaking security in the process?

In this episode of Security Intelligence, host Matt Kosinski is joined by Sridhar Muppidi, Nick Bradley and Jeff Crume to unpack a pivotal moment in cybersecurity.

The panel dives into the rapid rise of AI agents and the growing risks of shadow AI in the enterprise, comparing open-source agent platforms like OpenClaw with proprietary models such as Claude Opus 4.6 and its new agent teams. We explore how speed-first AI adoption, unsecured agent implementations and weak separation of duties are creating new attack surfaces—and why executives may be unintentionally fueling the problem.

The conversation also examines the recent Notepad++ supply chain breach as a warning sign of broader software inventory and supplier risk failures, and analyzes DragonForce’s attempt to reinvent ransomware as a scalable cartel business.

Along the way, we keep returning to a key theme: Have we optimized for velocity at the expense of security?

00:00 -- Intro
01:18 -- OpenClaw vs. Claude Opus 4.6
15:05 -- Move fast. Break security?
27:29 -- Notepad++ breach
38:55 -- DragonForce ransomware cartel


The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

#OpenClaw #ClaudeOpus #shadowAI #AIagentsecurity