Security Intelligence

Between LockBit, RansomHub and BlackSuit, law enforcement racked up some big wins against ransomware gangs last year. So why aren’t the attacks letting up? In this episode of Security Intelligence, panelists JR Rao, Jeff Crume and Michelle Alavarez unpack what the state of ransomware in 2025 really looked like, and why things haven’t slowed things down as much as we might hope. Then, we turn to identity security and cloud breaches as we consider the striking case of Zestix, the lone threat actor linked to breaches at 50 global enterprises. And all he needed were some passwords. From there, we look at what the future of hacking might hold. Palo Alto’s Wendi Whitmore issued a warning about how AI agents could become devastating insider threats, and security researchers at GEEKCon demonstrated how AI-powered robots can be hijacked using voice commands alone, turning prompt injection into a physical-world security risk. It’s a niche scenario today. But is it also a preview of what happens when AI, robotics and operational technology collide? Listen to Security Intelligence to find out. 00:00 -- Introduction 01:05 -- Ransomware in 2026 09:26 -- Zestix linked to 50 hacks 18:42 -- AI agents as insider threats 31:20 -- Hacking humanoid robots The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe to the IBM Think newsletter → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligenceSay your cloud storage service gets hacked. Say the attackers broke in by exploiting a vulnerability in an open-source library your organization used to build the service. Who owns that vulnerability? Microsoft is trying to clear some of the smog obscuring the software supply chain by expanding its bug bounty program to include some third-party code that affects it services. In this episode of Security Intelligence, panelists Jeff Crume, Nick Bradley and Claire Nuñez discuss what that move means for cybersecurity responsibility models going forward. We also analyze how a three-year-old LastPass breach is still giving cybercriminals new credentials to steal. Turns out “harvest now, decrypt later” isn’t just a quantum concern. Plus: OpenAI fights prompt injections with an automated, AI-powered red team, hackers have a new tool to make ClickFix attacks even easier and we share the New Year’s Resolutions we hope organizations will make in 2026. All that and more on Security Intelligence. 00:00 -- Introduction 1:11 -- Cybersecurity resolutions 6:51 -- Microsoft’s new bug bounties 14:00 -- The LastPass breach’s long tail 26:07 -- Automated red teaming 33:22 -- ClickFix-as-a-service The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120

Why does it cost so much more to get hacked in the United States than anywhere else in the world? In this special bonus episode of Security Intelligence, we sit down with Michelle Alvarez, Manager of Strategic Threat Analysis at IBM X-Force, for a deep dive into IBM’s 2025 Cost of a Data Breach report—and one of its most surprising findings: global breach costs are falling, but US breach costs just hit a record high. What’s driving the gap? In this episode, we unpack: Why faster detection and containment are lowering breach costs globally Why shadow AI is quietly increasing breach risk and driving up response costs Why regulatory fines, global operations and organizational scale hit US companies especially hard And how supply chain breaches, cloud complexity and shadow IT amplify the damage We also explore a critical inflection point ahead: AI isn’t a major attack target yet—but once adoption crosses key market concentration thresholds, attackers will follow the ROI. All that and more on Security Intelligence The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Read the Cost of a Data Breach report: https://ibm.biz/BdbkLt

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents). From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface. Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring: 00:00 – Introduction4:10 – AI and data security with Michelle Alvarez and Jeff Crume 22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley 38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security

AI browsers are neat—but are they more trouble than they’re worth? In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use? And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines. All that and more on Security Intelligence. 00:00 – Introduction 01:14 -- Gartner: No AI browsers at work 13:38 -- Should AI vendors share threat intel? 23:11 -- MITRE’s top 25 most dangerous software flaws 33:15 -- Are social logins safe? 41:54 -- Bring-your-own-VM attacks The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security