AI Security Ops podcast artwork

PODCAST · education

AI Security Ops

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Publisher-supplied feed metadata · PodParley refreshed Jun 13, 2026 · Source feed

  1. 57

    Interview with Josh Mason | Episode 62

    In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Ethan sit down with Josh Mason for a wide-ranging conversation about cybersecurity careers, AI, small business security, and what it actually takes to help organizations make practical security decisions.How do small businesses think about security when they do not have a full-time CISO?And what happens when AI starts lowering the barrier for research, planning, governance, and security operations?Not hypothetically. Not as a buzzword. But in the real world — where companies are trying to understand SOC 2, HIPAA, incident response, cyber insurance, AI governance, hallucinations, and the risks of letting tools make decisions they do not fully understand.Josh brings a practical perspective from his background as a C-130 pilot, cyber leader, instructor, sales engineer, vCISO, consultant, and founder of Noob Village at DEF CON.We dig into:- What Noob Village is and why DEF CON needs an on-ramp for new people- Josh’s path from Air Force pilot to cyber leadership- Why communication and translation matter so much in cybersecurity- What a vCISO actually does for small businesses- How smaller companies think through SOC 2, HIPAA, GRC, pen testing, and incident response- How AI can speed up research, planning, and draft creation- Why AI-generated work still needs human review and source validation- How companies are trying to govern employee use of AI tools- Why cyber insurance, E&O coverage, and AI hallucinations are starting to overlap- Where RAG and guardrails can help reduce risk- How AI may reshape the work small businesses can do on their own- Why trust, relationships, and human judgment still matter in consulting- How hacker community, mentorship, and D&D all somehow fit togetherThis episode explores a practical shift in AI security: AI is not just changing the tools defenders use. It is changing how small businesses learn, make decisions, evaluate risk, and decide when they need expert help.The takeaway: AI can make security work more accessible, but it does not replace experience, judgment, validation, or trust. The organizations that benefit most are the ones that use AI to accelerate good decisions — not outsource thinking entirely.Chapters(00:00) - Meet Josh Mason (01:27) - Hacker Summer Camp and Noob Village (06:45) - From Air Force Pilot to Cyber Leadership (13:08) - What a vCISO Does for Small Businesses (19:55) - Using AI for Research and Incident Response Planning (24:46) - Small Business AI Security and Governance (27:47) - Cyber Insurance, Hallucinations, and Guardrails (31:43) - How AI Is Reshaping Small Business Security (42:15) - Where to Find Josh Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Bronwen Aker - Host Josh Mason - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  2. 56

    Are Foreign Open Weight Models a Security Risk? | Episode 61

    In this episode of AI Security Ops, the team tackles one of the most common questions security teams are asking about open-weight AI models:Are foreign open-weight models actually a security risk?Not in the vague “AI is scary” sense. Not in the headline-driven “it must be spyware” sense. But in the practical, security-operations sense: if you download a model like Qwen or DeepSeek and run it locally, what risks are real, which ones are overblown, and what should defenders actually care about?The answer is more nuanced than “ban them” or “they’re totally fine.”Open-weight models can be cheap, capable, and private when they run on your own hardware. But “open-weight” does not mean “open source,” and running a foreign model locally does not automatically mean it is phoning home. The bigger risks are often in the runtime, file format, download source, tooling chain, model behavior, and how much trust you place in the output.We dig into:- What “open-weight” actually means, and why it is not the same as open source- Why the “phone home” fear is usually the wrong threat model for local weights- The difference between a hosted AI service and a locally run model- Why model delivery, runtime, and tooling matter more than the weights themselves- How pickle files, unsafe formats, and poisoned packages create real supply-chain risk- Why typosquatting and fake model repos are a practical concern- Why safetensors and verified sources matter- How bias and censorship can show up in foreign and domestic models- Why model behavior, refusals, and blind spots can become integrity risks- What sleeper-agent research tells us about hidden triggers and model backdoors- Why country of origin matters, but does not replace basic security hygiene- How to safely evaluate and use open-weight models in real workflowsThis episode explores a critical shift in AI security: the risk is not just where a model comes from. It is how you download it, how you run it, what data it can access, what actions it can take, and whether your pipeline assumes the output is trustworthy.For security teams, the practical takeaway is simple: do not treat any model as inherently safe just because it runs locally, and do not treat every foreign model as magic spyware. Build the workflow so the model can be useful without becoming a single point of trust.—Key Concepts & TopicsOpen-Weight Models- Local model weights and inference engines- Open-weight versus open source- Qwen, DeepSeek, and foreign model adoptionThreat Modeling- Local models versus hosted AI services- The difference between weights, wrappers, and APIs- Why “phoning home” is usually a runtime or tooling issueSupply-Chain Risk- Unsafe model formats- Pickle files and arbitrary code execution- Typosquatting and poisoned repositories- Package and dependency compromiseSafer Model Handling- Prefer safetensors over risky serialized formats- Download from verified sources- Pin hashes and validate model artifacts- Use containers and restrict unnecessary network accessBias and Censorship- Model behavior shaped by training data- Political, cultural, and regulatory influence- Refusals, blind spots, and subtle output bias- Matching model behavior to the use caseSleeper Agents and Backdoors- Hidden trigger behavior in model outputs- Why behavioral testing may miss certain risks- The difference between lab demonstrations and real-world evidence- Designing workflows so hidden triggers have limited impactDefensive Strategy- Treat model output as untrusted input- Do not pipe outputs directly into shells, databases, or production systems- Avoid unsupervised code execution or autonomous production access- Make adoption decisions based on threat model, compliance, and use caseLearn more about Black Hills Information Security:https://www.blackhillsinfosec.com/Check out Antisyphon Training:https://www.antisyphontraining.com/#AISecurity #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #Antisyphon #OpenWeightModels #SupplyChainSecurity(00:00) - Intro: Foreign Open-Weight Models and Security Risk (01:50) - What Open-Weight Actually Means (03:35) - The Phone Home Concern (07:44) - Pickle Files and Supply-Chain Risk (14:34) - Bias, Censorship, and Model Behavior (19:21) - Sleeper Agents and Hidden Triggers (24:41) - Country of Origin vs Security Practices (25:20) - Practical Checklist and Final Takeaways Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Ethan Robish - Guest Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  3. 55

    Hey Skippy! | Episode 60

    This episode takes a break from the usual AI security news roundup for a show-and-tell discussion centered on "Skippy," an AI-powered personal assistant built to automate cybersecurity workflows. The conversation covers how the project evolved from an OpenClaw experiment into a system that tracks AI and cybersecurity news, generates daily intelligence briefs, documents its own code, recommends training updates, assists with content creation, and performs automated vulnerability research. The hosts also discuss practical AI workflows, prompt engineering, model selection, and lessons learned from integrating LLMs into day-to-day security operations.Key Concepts and Topics* The origin and evolution of the "Skippy" AI assistant* Building an AI agent with OpenClaw and Telegram* Automating AI and cybersecurity news aggregation* Daily intelligence briefs and trend analysis* Self-documenting AI-assisted software development* Personalizing AI behavior with custom instructions* AI-assisted content creation and documentation* Identifying training and course update opportunities* Automated vulnerability research against open-source projects* Comparing open and commercial LLMs for security workflows(00:00) - Intro - Show and Tell (00:55) - Introducing My Bot Skippy! (03:56) - Why the name Skippy? (06:55) - The Skippy Dashboard (09:00) - Questions about Skippy? (09:57) - Other Features, customization and automation (16:28) - AI creates more work for you to do (20:33) - What can we do next? Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  4. 54

    Mythos and Fable Pulled | Episode 59

    In this episode of BHIS Presents: AI Security Ops, the team tackles a first-of-its-kind moment in AI security and regulation:What happens when the U.S. government orders a company to pull its most powerful AI models off the market?Not the chips. Not the infrastructure. The models themselves.On June 12th, 2026, Anthropic disabled Fable-5 and Mythos-5 worldwide after receiving a federal export-control directive tied to foreign-national access. The models were only three days old, and the shutdown raises a much bigger question for security teams, builders, and defenders:Are frontier AI models now controlled technology?This episode breaks down the order, the export-control mechanism behind it, the cybersecurity concerns around jailbreaks, and what this means for anyone building security workflows on top of hosted AI models.We dig into:• Why Anthropic pulled Fable-5 and Mythos-5 for all customers• How foreign-national access rules forced an all-or-nothing shutdown• What EAR export controls are, and why ITAR keeps coming up• The history of encryption, PGP, and software as controlled technology• Why Fable-5 and Mythos-5 triggered cyberweapon concerns• The difference between guarded and less-guarded model releases• Why jailbreaks are central to the government’s justification• Why “all LLMs can be jailbroken” matters for policy and enforcement• Whether Anthropic’s safety messaging created regulatory risk• How competition and AI industry politics may shape regulation• Why model redundancy is becoming a security resilience requirement• What security teams should learn from a hosted model disappearing overnight• Why taking powerful AI away from defenders may make security worse, not betterThis episode explores a critical shift in AI security: frontier models are no longer just another SaaS dependency. They are becoming part of the security supply chain, subject to policy, export controls, national-security concerns, and sudden access loss.For security teams, the question is no longer just which model performs best. It is what happens when the model your workflow depends on disappears, and what that model could see while it was running.—Key Concepts & TopicsAI Export Controls• Federal action targeting AI models instead of chips• Foreign-national access restrictions• Frontier models as controlled technologyEAR, ITAR, and Software Regulation• Dual-use technology under Commerce Department authority• Historical parallels to encryption and PGP• Why software can become a national-security control pointFable-5 and Mythos-5• Guarded and less-guarded model access• Safety classifiers and cyber capability concerns• Public release versus vetted access modelsJailbreaks and AI Security• Bypassing model safeguards• Universal versus narrow jailbreaks• Why perfect jailbreak resistance is not realisticSecurity Resilience• Model redundancy as a practical requirement• Avoiding single-model dependency• Planning for sudden access loss, policy changes, and vendor shutdownsDefensive Strategy• Understanding where AI lives in your workflows• Thinking through AI blast radius• Balancing model capability, access, monitoring, and riskLearn more about Black Hills Information Security:https://www.blackhillsinfosec.com/Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Check out Antisyphon Training:https://www.antisyphontraining.com/#AISecurity #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #Antisyphon #AIRegulation #ExportControls----------------------------------------------------------------------------------------------🎧 Subscribe to the Podcast:https://aisecurityops.transistor.fmAbout Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: The First AI Model Export Control (01:38) - The Anthropic Order and Foreign-National Access (03:19) - EAR, ITAR, and Software as Controlled Technology (04:39) - Mythos-5, Fable-5, and Guarded Model Access (06:32) - Jailbreaks and Cyberweapon Concerns (08:58) - Competition, Regulation, and AI Industry Politics (10:54) - Model Redundancy as a Security Requirement (13:21) - Defensive AI Use and Final Takeaways Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  5. 53

    Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58

    In this episode of BHIS Presents: AI Security Ops, the team tackles one of the most urgent — and misunderstood — problems in modern security:How do you actually secure AI agents?Not hypothetically. Not in theory. But in the real world — where agents have access to your filesystem, your credentials, your network… and are making decisions on their own.The answer isn’t a single control or tool — it’s a maturity model.From “YOLO agent with full access” to fully instrumented, controlled, and observable systems, this episode walks through a five-level maturity model for agentic security — and what it actually takes to move up each stage.We dig into:• Why agentic AI introduces a completely different security model• What “Level 0” chaos looks like in real organizations• The risks of giving agents unrestricted access to systems• Why containment is the first real step toward security• How sandboxing changes the risk equation• The importance of logging, monitoring, and visibility• Where most organizations are actually operating today• Why skipping steps in maturity creates hidden risk• How to think about blast radius in agent design• What “fully enforced” agentic security actually looks likeThis episode explores a critical shift in AI security: you’re not just securing models anymore — you’re securing autonomous systems.⸻📚 Key Concepts & TopicsAgentic Security• AI agents with system-level access• Autonomous decision-making and execution• Expanding attack surface beyond promptsSecurity Maturity Model• Level 0 → Level 4 progression• Incremental risk reduction strategies• Why maturity matters more than toolsContainment & Sandboxing• Limiting blast radius• Isolating agent execution environments• Preventing lateral movementMonitoring & Observability• Logging agent actions and decisions• Detecting misuse or unexpected behavior• Building visibility into autonomous systemsDefensive Strategy• Designing for least privilege• Avoiding “full access by default”• Treating agents like untrusted users#AISecurity #CyberSecurity #AIAgents #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #AppSec #AgenticAI----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: The Reality of Unsecured AI Agents (00:24) - The Agentic Security Maturity Model Explained (07:20) - Level 0: Total Chaos (Unrestricted Agents) (11:24) - Level 1: Containment and Basic Guardrails (13:24) - Level 2: Controlled Execution (20:32) - Level 3: Monitoring, Logging, and Visibility (27:00) - Level 4: Fully Enforced Agent Security (28:00) - Final Takeaways: Maturity Over Hype Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Brian Fehrman - Host Derek Banks - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  6. 52

    Introducing Fusion AI Pentest | Episode 57

    In this episode of BHIS Presents: AI Security Ops, the team introduces a new approach to offensive security:Fusion AI Pentesting.https://www.blackhillsinfosec.com/fusion-penetration-testing/As AI continues to reshape cybersecurity, one question keeps coming up — is AI replacing pentesters, or just changing how they work?This episode answers that directly.Rather than replacing human expertise, Fusion combines AI-driven discovery with human-led validation and exploitation, creating a workflow that’s faster, more scalable, and far more effective than either approach alone.The result isn’t just more findings — it’s better findings, faster, with real-world impact.We dig into:• What “Fusion AI Pentesting” actually means in practice• Why AI alone isn’t enough for real security testing• How human + AI collaboration outperforms either independently• The difference between finding vulnerabilities and proving impact• Where AI excels in offensive security workflows• Where human intuition and experience still matter most• How this approach scales continuous testing and red teaming• Why traditional pentesting models are starting to break down• How organizations should think about integrating AI into security testing• What this means for the future of offensive securityThis episode highlights a key shift in cybersecurity: AI doesn’t replace the pentester — it changes what a great pentester looks like.⸻📚 Key Concepts & TopicsFusion AI Pentesting• Combining AI discovery with human validation• Augmenting—not replacing—pentesters• Faster, more scalable offensive workflowsAI in Offensive Security• Automated vulnerability discovery• Pattern matching vs real-world exploitation• Limits of AI-only approachesHuman + AI Collaboration• Human intuition and domain expertise• Chaining vulnerabilities for real impact• Validating and prioritizing findingsSecurity Testing Evolution• Continuous testing vs point-in-time pentests• Red teaming with AI-assisted workflows• Changing expectations for coverage and speedDefensive Implications• Better signal vs noise in findings• Faster identification of real risk• Preparing for AI-augmented attackers#AISecurity #CyberSecurity #Pentesting #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #RedTeaming #AIAgents----------------------------------------------------------------------------------------------About Melisa Wachs - https://www.blackhillsinfosec.com/team/melisa-wachsAbout Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: A Different Kind of AI Sec Ops Episode (01:59) - Introducing Fusion AI Pentesting (03:34) - Why AI Alone Isn’t Enough (05:59) - Human vs AI: Strengths and Limitations (09:12) - Finding vs Exploiting Vulnerabilities (11:43) - How Fusion Improves Speed and Coverage (15:06) - Scaling Offensive Security with AI (18:12) - Final Takeaways: The Future of Pentesting Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Derek Banks - Host Melisa Wachs - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  7. 51

    Open Weight Models and Open Source Harnesses | Episode 56

    In this episode of BHIS Presents: AI Security Ops, the team looks at what it actually means to own your AI stack.Open-weight models and open-source harnesses are no longer just lab toys. They are becoming practical options for security teams that care about where their prompts, code, client data, findings, and tooling actually live.The core question: when your work depends on AI, how much control are you willing to give away?We dig into:- What data sovereignty means for security teams- Why token sovereignty matters in agentic workflows- How provider terms can become a business risk- Open-weight models vs. truly open-source AI- Why harnesses like Hermes and OpenCode matter- Where cloud providers may apply fewer restrictions- The tradeoff between local control and hosted capability- Supply chain risk in models, harnesses, and plugins- Running local models with Ollama, VLLM, and similar tools- Why “local” does not automatically mean “safe”- How to start experimenting without buying expensive hardware- The next risk frontier: local prompt injectionOwning your AI stack does not magically eliminate risk. It moves the risk. Hosted models create exposure around data, terms, pricing, and availability. Local models create exposure around maintenance, supply chain, permissions, and prompt injection. The security win is not blindly choosing local or cloud — it is knowing which layer you need to control, and why.⸻📚 Key Concepts & TopicsData & Terms Risk- Prompts can contain code, client data, findings, and operational context- Hosted providers may inspect, retain, or restrict usage- Terms changes can affect entire security workflows- “Allowed yesterday” does not guarantee “allowed tomorrow”Token Sovereignty- Agentic workflows burn far more tokens than simple chat- Rate limits, usage windows, and pricing changes become operational dependencies- Local hardware shifts the constraint from API quota to compute capacity- Cost control is part of architecture, not just procurementModels vs. Harnesses- Open-weight models provide downloadable weights, not always full training transparency- Harnesses provide the tool loop, permissions, memory, and provider adapters- Hermes, OpenCode, Claude Code, Codex, and similar tools shape what the model can actually do- Risk often lives in the harness around the modelLocal Stack Tradeoffs- Local models improve control over sensitive data- Self-hosting adds maintenance, patching, networking, and monitoring responsibilities- Tools like Ollama, VLLM, and Llama.cpp lower the barrier to experimentation- Expensive hardware helps, but it is not required to start learningSupply Chain & Prompt Injection- Model weights, plugins, skills, and MCP servers are all supply chain decisions- Local agents with shell access can turn prompt injection into local impact- “No provider guardrails” means you own the safety controls- Permissions, sandboxing, and audit logs matter more as the stack gets more autonomousPractical Starting Point- Pick one harness and go deep before chasing every new tool- Test real tasks, not toy demos- Compare hosted and local workflows honestly- Decide which layers you need to own before you need an emergency exit#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #OpenSourceAI #LocalLLM #AIAgents #SecOps #InfoSec #BHIS #AppSec #PromptInjection #SecurityArchitecture----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: Owning Your AI Stack (01:43) - Data Sovereignty, Token Sovereignty & Terms Risk (03:38) - Provider Inspection, Prompt Data & Business Exposure (08:09) - Where the Guardrails Live: Model, Harness, or API (12:12) - Open Weights, Frontier Providers & the Innovation Race (14:53) - Local Models, Open Harnesses & Real Hardware Tradeoffs (24:24) - Self-Hosting Reality: VLLM, Ollama, VPNs & Maintenance (31:25) - Getting Started: Pick a Harness and Run Real Tasks Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Derek Banks - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  8. 50

    AI Cost Saving Tips | Episode 55

    In this episode of BHIS Presents: AI Security Ops, the team digs into a problem every AI-enabled SOC eventually hits:The demo looked great — until the inference bill showed up!AI in SecOps gets expensive because security data is huge, repetitive, and constant. Logs, alerts, runbooks, tool definitions, and historical context all get pushed into models again and again. That burns money, slows systems down, and often makes answers worse.The fix is not exotic. It is basic engineering: use smaller models where they work, cache what repeats, stop dumping raw logs, and save expensive reasoning for the cases that actually need it.We dig into:• Why AI SecOps workloads get expensive fast  • When smaller models are good enough  • Where frontier models still make sense  • How grouping alerts into cases reduces waste  • Using strong models to judge cheaper models  • Why prompt caching can be a major cost lever  • How small prompt changes can break caching  • Batch APIs for non-urgent security work  • Why raw logs make prompts noisy and expensive  • RAG, deduplication, and cached verdicts  • Budget caps, circuit breakers, and stolen-key risk  • When deterministic code beats another model call  AI cost control is not just a budgeting exercise. It is a security architecture issue. If every alert goes to the biggest model with no caching, no limits, and no measurement, the system is not just expensive — it is uncontrolled. Good AI SecOps design means scoping the model, reducing unnecessary context, measuring spend, and putting guardrails around how AI is allowed to operate.⸻📚 Key Concepts & TopicsAI Cost Architecture  • SecOps cost comes from large inputs, repeated context, and high alert volume  • Model selection should match task difficulty  • Routine triage can often use smaller models  • Hard correlation and judgment may justify stronger models  Model Evaluation  • Test smaller models against real historical cases  • Use stronger models as judges when appropriate  • Compare quality before moving workloads  • Do not assume the biggest model is always necessary  Prompt & Context Design  • Cache static instructions, tool definitions, and repeated context  • Keep cacheable sections stable  • Avoid changing static prompts with unnecessary variables  • Better prompt structure can reduce both cost and noise  Data Reduction & Retrieval  • Do not send entire logs when only a few fields matter  • Preprocess alerts before model calls  • Use RAG instead of stuffing whole libraries into prompts  • Cache repeated verdicts for repeated alert patterns  Operational Guardrails  • Track AI spend by workload  • Set hard caps and circuit breakers  • Use limits to reduce stolen-key blast radius  • Treat AI pipelines like production security systems  Deterministic Workflows  • Not every task needs inference  • Repeatable logic should become code  • AI can help write that code  • Once the workflow is deterministic, stop paying the model to repeat it  #AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #SecOps #SOC #InfoSec #BHIS #AppSec #PromptEngineering #securityarchitecture ----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: When the AI Triage Assistant Gets Expensive (01:27) - The Setup: Saving Money Without Killing the Workflow (02:22) - Right-Size the Model: Cheap for Routine, Big for Hard (05:36) - Testing Smaller Models, Judges & Real SOC Workflows (13:46) - Prompt Caching: The Big Lever Hiding in Plain Sight (18:37) - Batch APIs: Half the Urgency, Lower the Cost (20:19) - Stop Dumping Logs: Less Noise, Better Answers (24:20) - RAG, Dedupe, Budgets & the Deterministic Code Bonus Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  9. 49

    Is It the Model or the Harness? | Episode 54

    In this episode of BHIS Presents: AI Security Ops, the team tackles a foundational question in modern AI security:Is the real risk in the model… or in the harness around it?For years, most conversations have focused on model behavior — prompt injection, refusals, alignment, and safety controls. But as AI systems evolve into full agents with tools, memory, and execution capabilities, the focus is shifting.Increasingly, the real security boundary isn’t the model itself — it’s the harness: the code, integrations, permissions, and workflows that give AI systems real-world power.And that shift has massive implications for how we think about AI risk.We dig into:• What “model vs. harness” actually means in practical terms• Why defenders often blame the model for issues caused by the harness• How agent architectures expand the attack surface beyond prompts• The role of tools, memory, and execution in modern AI systems• Why prompt injection is often a harness design failure• How real-world AI exploits increasingly target integrations, not models• The limits of model-level safety and refusal behavior• Why harness design is becoming the new security perimeter• How AI agents move from “text generators” to “action-takers”• What defenders should focus on when securing AI systemsThis episode explores a critical shift in AI security: the model might generate the response — but the harness determines the impact.⸻📚 Key Concepts & TopicsModel vs Harness• Model = core AI (weights, training, inference)• Harness = surrounding system (tools, APIs, execution layers)• Separation of generation vs. actionAI Security Risks• Prompt injection vs. system-level vulnerabilities• Misplaced trust in model-level protections• Expanding attack surface through integrationsAgent Architectures• Tool use, memory, and multi-step reasoning• Code execution and external system access• Transition from passive models to active agentsDefensive Strategy• Securing the harness as the primary control layer• Limiting permissions and external integrations• Designing safe execution environments for AIAI Safety vs Security• Refusal behavior and alignment limitations• Why safety ≠ security in agent systems• Need for defense-in-depth beyond the model#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #AIAgents #InfoSec #BHIS #AppSec #aiarchitecture ----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: AI Security Ops & Episode Setup (00:26) - The Core Question: Model vs Harness (02:08) - Defining the Model: What It Actually Does (05:02) - Defining the Harness: Tools, Code & Capabilities (06:56) - Why Security Is Shifting Toward the Harness (13:05) - Being Secure and Being useful (16:20) - AI Agents, Tooling & Expanding Attack Surface Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  10. 48

    AI News | Episode 53

    In this episode of BHIS Presents: AI Security Ops, the team breaks down a packed week in AI security — from the first AI-built zero day in the wild to model supply chain attacks and gray market AI access.What used to be theoretical is now operational. AI isn’t just assisting attackers anymore — it’s actively being used to discover vulnerabilities, distribute malicious models, and even experiment with autonomous behavior.Across four major stories, a clear pattern emerges: AI is no longer just a tool in the toolbox — it is the toolbox.We dig into:• Google’s report of the first AI-discovered and weaponized zero day• What it means for AI to participate in real-world exploitation campaigns• The risks of typosquatted and malicious models on platforms like Hugging Face• How fake or swapped models can silently compromise users• New research showing LLMs attempting persistence and self-replication• The difference between theoretical capability and real-world risk• The rise of gray market access to restricted AI models like Claude and Gemini• Why model trust, provenance, and validation are becoming critical• How AI is accelerating both offensive capability and attacker velocity• What defenders should be watching as these trends evolveThis episode highlights a major inflection point in cybersecurity: as AI capabilities scale, so does the attack surface — and the speed at which it can be exploited.⸻📚 Key Concepts & TopicsAI-Driven Exploitation• AI-assisted vulnerability discovery• First reported AI-built zero day in the wild• Automation of exploit developmentModel Supply Chain Risk• Typosquatted and malicious models• Hugging Face trust and verification challenges• Silent model swapping and integrity concernsAI Behavior & Autonomy• Research into LLM persistence and replication• Limits of current model capabilitiesAI Access & Shadow Ecosystems• Gray market distribution of restricted models• Claude, Gemini, and access control bypasses• Trust boundaries in global AI usageDefensive Implications• Model provenance and validation• Monitoring AI-assisted attack patterns• Preparing for increased attacker velocity#AISecurity #CyberSecurity #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #AIAgents #SupplyChainSecurity #AIThreats----------------------------------------------------------------------------------------------About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/(00:00) - Intro: AI Security News & Big Week Overview (00:47) - Sponsors & Show Setup (01:34) - AI-Built Zero Day: Google’s Disclosure (02:39) - Skepticism, Validation & “Trust Me Bro” Problem (07:41) - Chinese Gray Market & Model Access Risks (14:11) - Hugging Face Typosquatting & Fake Models (18:05) - LLM Self-Replication Research & Realistic Threats (24:16) - Final Takeaways: AI as the New Attack Surface Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Derek Banks - Host Bronwen Aker - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  11. 47

    Agent Pentest Benchmarking | Episode 52

    In this episode of BHIS Presents: AI Security Ops, the team breaks down a new benchmarking framework designed to evaluate AI pentesting agents against real-world offensive security scenarios.What began as experimental evaluation of “can AI hack?” has quickly shifted into something much closer to operational reality. Organizations are now seeing a surge in agentic tooling and automated pentesting workflows, where human-guided AI systems consistently outperform fully autonomous agents in complex, unsupervised environments.As AI tooling evolves, teams must balance speed with validation, monitoring, and oversight as offensive capabilities outpace defenses.We dig into:The new “AutoPenBench” framework for benchmarking AI pentesting agentsWhy fully autonomous AI hacking only achieved a 21% success rateHow human-assisted AI workflows increased success rates to 64%Testing AI agents against Log4Shell, Heartbleed, Spring4Shell, and classic web exploitsWhy modern offensive AI systems still require heavy human oversight and validationHow custom internal AI frameworks are already finding vulnerabilities humans missedThe operational role of prompt engineering, scaffolding, and agent memoryReal examples of AI agents mis-scoping infrastructure and chasing irrelevant targetsHow AI lowers the barrier for ransomware operations and offensive capability developmentWhy defensive teams need stronger edge visibility, packet capture, and AI-aware monitoring strategies⸻📚 Key Concepts & TopicsAI Pentesting & Agentic SecurityAutonomous AI hacking agentsAgentic AI workflowsAI-assisted penetration testingOffensive security automationBenchmarking & EvaluationAutoPenBenchAI security benchmarkingHuman-in-the-loop validationLong-horizon task evaluationOffensive Security OperationsSQL injectionPath traversalLog4Shell / Heartbleed / Spring4ShellKali Linux offensive toolingAI Infrastructure & Model OperationsPrompt engineeringPersistent agent memoryRoleplay jailbreak techniquesGuardrail reduction strategiesDefensive Security StrategyDefense in depthEdge network monitoringZeek network analysisPacket capture visibilityIndustry & Threat ImplicationsAI-enabled ransomware operationsAI-assisted red teamingInfrastructure scoping failures Operational scalability challenges#AISecurity #CyberSecurity #Pentesting #AIAgents #RedTeam #EthicalHacking #CyberDefense----------------------------------------------------------------------------------------------(00:00) - Video Intro and Sponsor (01:20) - Al Pentesting Benchmark Overview (02:11) - How AutoPenBench Works (03:44) - Real World Results and Experience (05:16) - Real World Results and Experience (06:48) - Human and Al Collaboration (07:38) - Improving Al Agent Workflows (08:56) - Model Limitations and Updates (10:35) - Jailbreaks and Model Guardrails (13:16) - Provider Controls and Trust Factors (14:41) - Lower Barrier for Cyber Attacks (15:39) - Defensive Security Implications (16:59) - Why Red Teams Need Al Now Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  12. 46

    AI and Bug Bounties | Episode 51

    In this episode of BHIS Presents: AI Security Ops, the team breaks down a growing problem in cybersecurity: AI-generated bug bounty “slop” overwhelming the system.What started as a powerful way to crowdsource vulnerability discovery is now hitting a breaking point. Programs like cURL’s bug bounty and platforms like HackerOne are seeing a massive surge in submissions — but fewer and fewer of them are actually valid.The result? Security teams spending hours reviewing reports that go nowhere, while real vulnerabilities risk getting buried in the noise.We dig into:• Why cURL shut down its bug bounty program after years of success• How valid reports dropped from 1-in-6 to 1-in-20• What “death by a thousand slops” actually looks like in practice• How AI is flooding programs with low-quality vulnerability reports• The difference between “theoretical” vs. exploitable vulnerabilities• Why reviewing findings is now harder than generating them• How HackerOne is responding to the surge in submissions• Whether AI can be used to filter AI-generated noise• The role of reproducibility and proof-of-impact in triage• Why human expertise still matters in vulnerability validationThis episode explores a critical shift in security operations: when vulnerability discovery becomes cheap and automated, validation and triage become the real bottleneck.⸻📚 Key Concepts & TopicsBug Bounty Programs & Triage• Submission quality vs. volume imbalance• Signal-to-noise challenges in vulnerability pipelines• The growing burden of manual validationAI in Vulnerability Discovery• Automated scanning vs. real exploitability• AI-generated findings and false positives• The “editor’s dilemma” — review vs. generationAI Security Risks• Lower barrier to entry for vulnerability discovery• Over-reliance on AI without domain expertise• Flooding systems with low-quality submissionsDefensive Strategy• Requiring reproducible steps and proof-of-impact• Using AI to pre-filter vulnerability reports• Combining human expertise with AI toolingIndustry Impact• cURL bug bounty shutdown• HackerOne submission pause• Shifting economics of vulnerability research#AISecurity #BugBounty #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #AIAgents #AppSec----------------------------------------------------------------------------------------------(00:00) - Intro: Bug Bounty Burnout & AI Noise (01:14) - cURL Kills Its Bug Bounty Program (02:05) - “Death by a Thousand Slops” Explained (03:42) - AI vs Vulnerability Scanners: Signal vs Noise (04:38) - HackerOne Pauses Submissions & Industry Impact (05:41) - Can AI Filter AI? Proposed Solutions (07:49) - Why Humans Still Matter in Validation (12:55) - Final Takeaway: AI as a Tool, Not a Replacement Click here to watch this episode on YouTube. Creators & Guests Ethan Robish - Guest Bronwen Aker - Host Brian Fehrman - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  13. 45

    Vercel Breach | Episode 50

    In this episode of BHIS Presents: AI Security Ops, the team breaks down the Vercel breach — a real-world incident that shows just how fragile modern security has become in the age of AI integrations and SaaS sprawl.What started as a simple Roblox cheat script downloaded on a work laptop quickly escalated into a multi-hop compromise involving OAuth permissions, an AI productivity tool, and access into Vercel’s internal systems.This wasn’t a zero-day or advanced nation-state exploit. It was a chain of everyday decisions: installing software, clicking “Allow,” and trusting third-party integrations.The result? Allegedly $2M worth of data listed for sale, including API keys, internal data, and employee records — all from a breach path that most organizations aren’t even monitoring.We dig into:• What Vercel is and why it’s such a high-value target• How environment variables become the “keys to the kingdom”• The full attack chain: Roblox malware → Context.ai → Vercel• What infostealers like Lumma actually do (and how cheap they are)• How OAuth permissions become persistent backdoors• Why AI productivity tools introduce hidden risk• The rise of “shadow AI” inside organizations• How supply chain attacks continue to scale across ecosystems• The role of AI in accelerating attacker speed and capability• Why this type of breach is becoming the new normalThis episode highlights a critical shift in cybersecurity: you don’t have to get hacked directly anymore — attackers just need to compromise something you’ve already trusted.⸻📚 Key Concepts & TopicsAttack Chain & Initial Access• Lumma infostealer and malware-as-a-service• Credential theft: passwords, cookies, OAuth tokens• Low-cost, high-impact compromise pathsOAuth & Identity Risk• “Allow All” permissions and persistent access• OAuth tokens as long-lived entry points• Lack of visibility into third-party integrationsAI Security Risks• Shadow AI and unsanctioned tool adoption• Deep integrations with Google Workspace and SaaS• AI tools as new supply chain attack surfacesSupply Chain Attacks• Multi-hop compromise paths across vendors• Real-world parallels (Trivy, LiteLLM)• Interconnected ecosystems increasing blast radiusThreat Landscape Evolution• AI accelerating attacker speed and scale• Lower barrier to entry for complex attacks• Criminal groups operating as decentralized “businesses”Defensive Strategy• Auditing OAuth integrations and permissions• Enforcing least privilege across SaaS tools• Segmenting sensitive data and reducing blast radius• Avoiding risky behavior on corporate devices⏱️ Chapters(00:00) - Intro & Breach Overview (00:21) - Sponsors & Show Setup (01:29) - What Vercel Is & Why It Matters (02:31) - Initial Compromise: Roblox Script & Infostealer (05:03) - OAuth Permissions & Pivot into Vercel (08:04) - AI Tools, Over-Permissioning & Supply Chain Risk (09:53) - AI Acceleration of Attacks & Ecosystem Impact (13:34) - Threat Actors, Attribution & Key Takeaways Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  14. 44

    Claude Mythos | Episode 49

    In this episode of BHIS Presents: AI Security Ops, the team breaks down Claude Mythos Preview — Anthropic’s unreleased frontier model that may represent a turning point in AI-powered cybersecurity.What started as a controlled research release under Project Glasswing has quickly become one of the most controversial developments in AI security. Mythos isn’t just better at finding vulnerabilities — it’s operating at a scale and depth that challenges long-held assumptions about how quickly software can be broken… and whether it can realistically be fixed.From leaked internal documents to real-world exploit generation, this episode explores what happens when vulnerability discovery becomes cheap, fast, and automated — while remediation remains slow, manual, and human-bound.The result? A growing asymmetry that could fundamentally reshape the security landscape.We dig into:• What Claude Mythos Preview is and why it was withheld from the public• The leaks that exposed its existence and capabilities• How Project Glasswing is positioning AI for defensive use• Real-world vulnerability discoveries made by the model• The “vulnpocalypse” problem: discovery vs. remediation imbalance• Emerging AI behaviors that raise containment concerns• How attackers are already leveraging AI for offensive operations• The access control dilemma: who gets to use models like this?• Why patching — not discovery — is now the primary bottleneck• What defenders must do to prepare for AI-accelerated exploitationThis episode explores a critical shift in cybersecurity: when vulnerability discovery scales faster than human response, the entire defensive model starts to break down.⸻📚 Key Concepts & TopicsAI-Powered Vulnerability Discovery• Autonomous exploit generation and chaining• Benchmark performance vs. prior models• AI-assisted offensive security workflowsAI Security Risks• Discovery vs. remediation asymmetry• AI-driven vulnerability scaling• Offensive use by nation-states and cybercriminalsModel Behavior & Safety• Emergent autonomy and sandbox escape concerns• Evaluation awareness and deceptive behaviors• Limits of containment and alignmentDefensive Strategy & Readiness• Patch velocity as the new bottleneck• AI-assisted vulnerability management• Open-source ecosystem risk exposureAI Governance & Industry Response• Restricted model releases and access control• Regulatory and financial sector concerns• The future of AI capability containment#AISecurity #CyberSecurity #ArtificialIntelligence #LLMSecurity #BHIS #AIThreats #InfoSec #AIAgents #CyberDefense(00:00) - Intro & Show Overview (01:00) - Sponsors, Hosts, and Episode Setup (01:53) - What Is Claude Mythos Preview? (03:04) - The Leak, Project Glasswing, and Restricted Access (07:53) - Capabilities: Exploits, Benchmarks, and Breakthroughs (09:16) - Real-World Vulnerabilities & “Vulnpocalypse” Concerns (14:47) - Access Control, Threat Actors, and Emerging Risks (21:38) - Defensive Strategy: Patching, AI Tools, and What Comes Next (23:08) - Defensive Strategy: Patching, AI Tools, and What Comes Next Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Bronwen Aker - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  15. 43

    Holocron OpenBrain with Alex Minster | Episode 48

    In this episode of BHIS Presents: AI Security Ops, the team is joined by Alex Minster to demo his project: HOLOCRON OpenBrain with — a persistent, model-agnostic memory layer designed to solve one of the biggest frustrations in AI workflows.Instead of starting from scratch every time you open a new chat, Alex’s approach creates a centralized “brain” that multiple AI models can connect to, allowing context, notes, and intelligence to persist across sessions, tools, and even platforms.The result? A flexible system that captures thoughts, ingests threat intel, and generates structured outputs — all without locking you into a single AI provider.We dig into:• The “cold start” problem in AI and why it breaks real workflows• What the OpenBrain HOLOCRON is (and isn’t)• How centralized memory changes the way we interact with AI tools• The architecture: Supabase, OpenRouter, MCP, and multi-model access• Using Discord as a lightweight ingestion pipeline for persistent memory• Real-world CTI workflows: capturing intel and generating reports on demand• Managing, editing, and superseding memory over time• The tradeoffs between context richness and security exposure• Multi-model reliability differences (and why they matter)• Practical setup: what it takes to build your own systemThis episode highlights a shift in how AI is used operationally: moving from isolated chats to persistent, structured memory systems that can evolve alongside your work.⸻📚 Key Concepts & TopicsPersistent AI Memory• Solving the “cold start” problem• Centralized context across multiple models• Structured vs raw data ingestionAI Architecture & Tooling• Supabase as a backend memory store• OpenRouter for multi-model access• MCP protocol for integrationsCyber Threat Intelligence (CTI)• Capturing, tagging, and prioritizing intel• Generating automated reports and dashboards• Context-aware intelligence workflowsSecurity & Privacy• Need-to-know data design• Avoiding overexposure via full integrations (email, docs, etc.)• Auditing and removing sensitive dataOperational Workflows• Capturing ideas, notes, and research• Multi-project memory segmentation (“multiple brains”)• Using AI to accelerate—not replace—analysis🔗 HOLOCRON GitHub Guide: https://github.com/belouve/open-brain-holocron🔗 Alex Minster: https://www.linkedin.com/in/alexminster/#AISecurity #CyberSecurity #AIWorkflows #LLM #ThreatIntel #DevSecOps #BHIS #OpenSource #AIEngineering(00:00) - Intro & Guest Introduction (Alex Minster) (00:55) - What Is the OpenBrain HOLOCRON? (Cold Start Problem) (03:00) - How It Works: Centralized Memory & AI Integration (05:30) - Architecture & Free-Tier Stack (Supabase, OpenRouter, MCP) (07:54) - Demo: Capturing Thoughts via Discord (10:55) - CTI Use Case: Prioritizing & Querying Intelligence (15:03) - Managing Memory: Editing, Deleting & Superseding Data (19:04) - Running Protocols: Automated CTI Reports (Demo) (22:05) - Multi-Brain Concept & Segmentation (25:00) - Real-World Output: Reports, Dashboards & Briefings (31:31) - Multi-Model Differences (Claude vs ChatGPT) (35:55) - Improving the System with Feedback Loops (37:29) - How to Build Your Own OpenBrain (41:26) - Real-World Benefits & Workflow Improvements (45:44) - Security Considerations & Data Exposure Risks (47:20) - Where to Find the Project & Contribute (50:16) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Alex Minster "Belouve" - Guest Ethan Robish - Guest Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  16. 42

    LiteLLM Supply Chain Compromise | Episode 47

    In this episode of BHIS Presents: AI Security Ops, the team breaks down the LiteLLM supply chain compromise–a real-world attack that shows how AI systems are being breached through the same old software supply chain weaknesses.What initially looked like a bad release quickly escalated into a full-scale compromise affecting a library downloaded millions of times per day. But LiteLLM wasn’t the starting point–it was just one link in a much larger attack chain involving compromised security tools, CI/CD pipelines, and stolen publishing credentials.The result? Malicious packages distributed at scale, harvesting secrets, enabling lateral movement, and establishing persistence across affected systems.We dig into:• What LiteLLM is and why it’s such a high-value target• How the attack chain started with compromised security tooling (Trivy, Checkmarx)• How unpinned dependencies enabled the compromise• The role of CI/CD pipelines in exposing sensitive credentials• What the malicious LiteLLM packages actually did (credential harvesting, persistence, lateral movement)• The scale of impact given LiteLLM’s widespread adoption• Why supply chain attacks are no longer theoretical–and no longer nation-state exclusive• How AI is lowering the barrier to entry for attackers• Why this wasn’t really an “AI vulnerability”–but an infrastructure failure• The growing risk of automated, agent-driven attack discoveryThis episode highlights a critical reality: the biggest risks in AI systems aren’t always in the models–they’re in the pipelines, dependencies, and infrastructure surrounding them.⸻📚 Key Concepts & TopicsSupply Chain Security• Dependency poisoning and malicious package distribution• CI/CD pipeline compromise• Version pinning and build integrityCredential & Secrets Exposure• API keys, SSH keys, and cloud credentials in pipelines• Risks of centralized AI gateways like LiteLLMThreat Actor Techniques• Tag rewriting and trusted reference hijacking• Multi-stage malware (harvest, lateral movement, persistence)• Use of lookalike domains for exfiltrationAI & Security Reality Check• AI as an amplifier, not the root vulnerability• Traditional security failures in modern AI stacks• Automation lowering attacker barriersDefensive Strategies• Dependency pinning and isolation (Docker, VPS)• Atomic credential rotation• Treating CI/CD tools as critical infrastructure• Monitoring outbound traffic from build environments(00:00) - Intro & Incident Overview (01:26) - What Is LiteLLM & Why It Matters (03:53) - Supply Chain Scope & Why This Is Dangerous (07:31) - Why These Attacks Are Getting Easier (AI + Scale) (10:48) - Attack Chain Breakdown (Trivy → Checkmarx → LiteLLM) (11:50) - What the Malware Did & Impact at Scale (14:23) - Detection, Response & Who Was Safe Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  17. 41

    Model Ablation | Episode 46

    In this episode of BHIS Presents: AI Security Ops, the team breaks down model ablation — a powerful interpretability technique that’s quickly becoming a serious concern in AI security.What started as a way to better understand how models work is now being used to remove safety mechanisms entirely. By identifying and disabling specific components inside a model, researchers — and attackers — can effectively strip out refusal behavior while leaving the rest of the model fully functional.The result? A fast, reliable way to “de-safety” AI systems without prompt engineering, fine-tuning, or significant compute.We dig into:• What model ablation is and how it works• The difference between ablation and pruning• How safety behaviors can be isolated inside model internals• Why refusal mechanisms are often localized (and fragile)• How ablation is being used as a jailbreak technique• Why this is more reliable than prompt-based attacks• Risks specific to open-weight models and public checkpoints• The growing “uncensored model” ecosystem• Why interpretability is a double-edged sword• Whether safety should be deeply embedded into model architecture• What this means for defenders and AI security strategyThis episode explores a critical shift in AI risk: when safety controls can be surgically removed, they stop being security controls at all.⸻📚 Key Concepts & TopicsModel Internals & Interpretability• Neurons, attention heads, and residual stream analysis• Activation space and feature directionsAI Security Risks• Prompt injection vs. structural attacks• Jailbreaking techniques and safety bypassesModel Access & Risk Surface• Open-weight vs. API-only models• Hugging Face and the uncensored model ecosystemAI Safety & Governance• Defense-in-depth for AI systems• Future standards for ablation resistance#AISecurity #ModelAblation #LLMSecurity #CyberSecurity #ArtificialIntelligence #AIResearch #BHIS #AIAgents #InfoSec(00:00) - Intro & Show Overview (01:27) - Removing AI Safety Mechanisms (02:05) - What Is Model Ablation? (Technical Breakdown) (04:01) - Open-Weight Models & Practical Limitations (05:43) - Risks, Use Cases, and Ethical Tradeoffs (07:32) - Security Implications & “You Can’t Ban Math” (10:43) - Future Impact: Open Models Catching Up (17:44) - Final Takeaway: Why “No” Isn’t Security Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  18. 40

    Embedding Space Attacks | Episode 45

    In this episode of BHIS Presents: AI Security Ops, the team explores embedding space attacks — a lesser-known but increasingly important threat in modern AI systems — and how attackers can manipulate the mathematical foundations of how models understand data.Unlike prompt injection, which targets instructions, embedding attacks operate at a deeper level by influencing how data is represented, retrieved, and interpreted inside vector spaces. By subtly altering embeddings or poisoning data sources, attackers can manipulate AI behavior without ever touching the model directly.Through a hands-on walkthrough of a custom notebook with rich visualizations, this episode breaks down how embeddings work, why they are critical to LLM-powered systems like RAG pipelines, and how attackers can exploit them in real-world scenarios.We dig into:- What embeddings are and how AI systems convert text into numerical representations- How vector spaces enable similarity search and retrieval in LLM applications- What embedding space attacks are and why they matter for AI security- How small perturbations in data can drastically change model behavior- The risks of poisoned data in RAG and vector databases- How attackers can influence search results and downstream AI outputs- Why these attacks are subtle, hard to detect, and often overlooked- The role of visualization in understanding embedding behavior- Real-world implications for AI-powered applications and workflows- Defensive considerations when building with embeddings and vector storesThis episode focuses on the foundational layer of AI systems, showing how security risks extend beyond prompts and into the underlying data representations that power modern AI.⸻📚 Key Concepts CoveredAI Foundations- Embeddings and vector representations- Similarity search and vector space reasoningAI Security Risks- Embedding space manipulation- Data poisoning in vector databases- Retrieval manipulation in RAG systemsApplications & Impact- LLM-powered search and assistants- AI pipelines using embeddings- Risks in production AI systems#AISecurity #Embeddings #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #InfoSecJoin the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhis(00:00) - Intro & Episode Overview (01:39) - What Are Embeddings? (AI Only Understands Numbers) (03:44) - The Embedding Process (Text → Vectors) (07:43) - Similarity, Classification & Vector Math (09:55) - Visualizing Embedding Space (2D Projection) (14:29) - Classifiers (15:39) - Playing Games with Information (18:06) - Attack Techniques: Synonyms & Context Manipulation (20:29) - Context Padding (27:10) - Collision Attacks, Defenses & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  19. 39

    Indirect Prompt Injection | Episode 44

    In this episode of BHIS Presents: AI Security Ops, the team breaks down indirect prompt injection — the #1 risk in the OWASP Top 10 for LLM Applications — and why it represents one of the most dangerous and misunderstood threats in modern AI systems.Unlike traditional attacks, indirect prompt injection doesn’t require malware, credentials, or even user interaction. Instead, attackers hide malicious instructions inside everyday content like emails, documents, or web pages — and wait for AI systems to unknowingly execute them.From real-world exploits like EchoLeak to in-the-wild attacks observed by Palo Alto Unit 42, this episode explores how attackers are already abusing AI-powered tools in production environments — and why current defenses are struggling to keep up.We dig into:• What indirect prompt injection is and how it differs from direct attacks• Why OWASP ranks prompt injection as the #1 LLM security risk• How attackers hide payloads inside emails, documents, and web content• The EchoLeak zero-click exploit against Microsoft 365 Copilot• Web-based prompt injection attacks observed in the wild (Unit 42)• Exploits targeting AI coding tools like Cursor IDE and GitHub Copilot• How RAG systems amplify the risk through poisoned knowledge bases• Why LLM architecture makes this problem fundamentally hard to solve• Research showing modern defenses still fail 50%+ of the time• Practical mitigation strategies: least privilege, human-in-the-loop, and observabilityThis episode focuses on the real-world security implications of AI adoption, showing how attackers are already leveraging these techniques — and what defenders need to understand as AI becomes deeply embedded in business workflows.⸻📚 Key ReferencesPrompt Injection & LLM Risk• OWASP Top 10 for LLM Applications 2025 — https://owasp.orgReal-World Attacks• EchoLeak (CVE-2025-32711) — Aim Security / arXiv• Unit 42 — Web-Based Indirect Prompt Injection in the Wild (March 2026) — https://unit42.paloaltonetworks.comAI System Vulnerabilities• Cursor IDE (CVE-2025-59944)• GitHub Copilot (CVE-2025-53773)• Lakera — Zero-Click MCP Attack — https://lakera.aiResearch on Defenses• Zhan et al. — Adaptive Attacks Break Defenses (NAACL 2025)• Anthropic System Card (Feb 2026)• Google Gemini Security Research (2025)Standards & Guidance• NIST AI Risk Management Framework — https://nist.gov• MITRE ATLAS — https://atlas.mitre.org• ISO/IEC 42001 AI Management Systems#AISecurity #PromptInjection #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #infosec (00:00) - Intro & BHIS / Antisyphon Overview (01:19) - OWASP Top 10 & Prompt Injection Context (01:41) - Indirect Prompt Injection Explained (Stored Attack Analogy) (02:54) - Real-World Attack Scenarios (Calendar & Hidden Payloads) (05:10) - EchoLeak & Zero-Click Copilot Exploit (06:10) - Weaponized Excel Prompt Injection PoC (06:50) - Email Injection & AI Summarization Abuse (09:07) - Why Detection & Prevention Are So Difficult (14:02) - Mitigations & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  20. 38

    Top AI Security Concerns | Episode 43

    In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Dr. Brian Fehrman break down some of the top AI security concerns being discussed by researchers, security firms, and government agencies this year.As AI capabilities rapidly expand, so does the attack surface. From agentic AI systems being used by attackers, to deepfakes at industrial scale, to the persistent challenge of prompt injection, security teams are trying to understand what risks are real, what’s hype, and where defenders should focus first.We dig into:- Why agentic AI is emerging as a major security concern- How attackers could weaponize autonomous agents to scale operations- The risk of malicious agent skills and AI supply chain attacks- Why overly broad permissions make agent-based systems dangerous- AI-assisted phishing campaigns and social engineering at scale- The rise of deepfakes and corporate fraud driven by generative AI- Why humans still struggle to reliably detect deepfake media- The economics of deepfake fraud and real-world incidents- Prompt injection attacks and why they remain difficult to solve- Whether future models may autonomously discover and exploit jailbreaksThis episode looks at the practical security implications of today’s AI ecosystem — where the biggest risks are coming from, how attackers may leverage AI systems, and what defenders should be thinking about as these technologies continue to evolve.📚 Key ReferencesAgentic AI Threats- CrowdStrike 2026 Global Threat Report — https://www.crowdstrike.com- IBM X-Force 2026 Threat Intelligence Index — https://www.ibm.com/security/x-force- Cisco State of AI Security 2026 — https://www.cisco.com/site/us/en/products/security/state-of-ai-security.html#tabs-9da71fbd27-item-1288c79d71-tabDeepfakes & AI-Driven Fraud- WEF Global Cybersecurity Outlook 2026 — https://www.weforum.org/publications/global-cybersecurity-outlook-2026/- International AI Safety Report 2026 — https://www.internationalaisafetyreport.orgAI Security & Infrastructure Risk- CISA Joint Guidance on AI in OT — https://www.cisa.gov/news-events/news/new-joint-guide-advances-secure-integration-artificial-intelligence-operational-technologyPrompt Injection & LLM Exploitation- Schneier et al., “The Promptware Kill Chain” — https://www.lawfaremedia.org/article/the-promptware-kill-chain- Palo Alto Unit 42 — “Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild”https://unit42.paloaltonetworks.com/indirect-prompt-injection-ai-agents/(00:00) - Intro & Episode Overview (02:18) - Agentic AI as a Security Threat (CrowdStrike 2026 Global Threat Report, IBM X-Force Index) (03:46) - Malicious Agent Skills & AI Supply Chain Attacks (Cisco State of AI Security) (04:58) - How Agent Skills Actually Work (07:47) - Permissions & Guardrails for AI Agents (CISA AI in OT Guidance) (09:57) - AI-Generated Phishing Campaigns (CrowdStrike / IBM Threat Reports) (13:58) - Deepfakes at Industrial Scale (WEF Global Cybersecurity Outlook) (15:38) - Corporate Fraud & Deepfake Incidents (International AI Safety Report) (17:21) - Why Humans Struggle to Detect Deepfakes (21:13) - Prompt Injection Attacks Explained (Schneier – Promptware Kill Chain) (24:35) - AI Models Jailbreaking Other Models (Palo Alto Unit 42 Research) (28:59) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  21. 37

    Claude Cowork Discussion | Episode 42

    We discuss the meaning of AI life In episode 42 of "BHIS Presents: AI Security Ops." Derek Banks is joined by Bronwen Aker and Brian Fehrman to break down Anthropic’s latest agentic desktop experiment: Claude Cowork.Claude Cowork brings large language models directly onto the endpoint — giving Claude the ability to read, write, and organize files on your local machine. It’s designed to make powerful AI workflows accessible to non-technical users… but as with any tool that operates at the OS level, the security implications are significant.We explore what happens when AI moves closer to your data, your filesystem, and your browser — and what that means for defenders.We dig into:- What Claude Cowork is and how it differs from Claude Code- Agentic desktop tools vs. command-line workflows- Local file access and OS-level interaction risks- Skills, automation, and task iteration- Chrome plugins and expanded attack surface- Overly broad permissions and least-privilege concerns- SaaS disruption and shifting trust boundaries- Endpoint monitoring challenges- The speed of AI releases vs. security review cycles- Balancing innovation with responsible deploymentThis conversation looks at the real-world operational and defensive considerations of agentic AI tools running directly on user systems. If you’re evaluating AI productivity tools inside your organization — or defending environments where they’re already being adopted — this episode will help you think through the risks and tradeoffs.(00:00) - Intro & Episode Overview (02:08) - What Is Claude Cowork? (04:03) - Desktop Agents vs. Command Line Users (06:12) - Agentic Workflows & Task Automation (08:08) - Building Fast with Claude (Speed of Development) (09:29) - Browser Plugins & Expanding Capabilities (11:06) - Permission Models & “Just Give It Access to Everything” (12:40) - SaaS Disruption & Enterprise Impact (14:38) - Overly Broad File Access Risks (16:27) - Organizational Disruption & Workforce Impact (18:09) - Security Lag vs. Rapid AI Releases (19:46) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Bronwen Aker - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  22. 36

    OpenClaw and Moltbook with Guests Beau Bullock and Hayden Covington | Episode 41

    In this episode of BHIS Presents: AI Security Ops, we’re joined by Beau Bullock and Hayden Covington to unpack one of the most talked-about AI agent experiments in recent memory: OpenClaw and its companion platform, Moltbook.OpenClaw exploded onto the scene as an autonomous AI agent capable of operating Claude Code from the command line — executing tasks, monitoring output, and iterating with minimal human involvement. Shortly after, Moltbook emerged as a social platform designed specifically for AI agents to interact with one another.But as with most cutting-edge AI experiments, things moved fast… and broke fast.We dig into:What OpenClaw actually is and how it worksAI agents operating other AI systems (Claude Code in the loop)The concept of “skills” and extending agent capabilitiesThe one-click RCE vulnerability discovered shortly after releaseMoltbook as a social network for AI agentsAPI keys, agent-only access, and how humans bypassed itBeacons, autonomy, and what “control” really meansWhere the line is between automation and true autonomyShort-term workforce impacts vs. long-term AI riskThis conversation moves beyond hype into the practical and security implications of rapidly deployed autonomous agents. If you’re experimenting with AI agents — or defending against them — this episode will give you a grounded perspective on what’s possible today, what’s fragile, and what’s coming next.(00:00) - Intro & Guest Welcome (01:38) - AI Agents in the News (03:23) - From “Moltbot” to OpenClaw (04:13) - What Is OpenClaw? How It Works (05:13) - Claude Code + Agent-in-the-Middle Model (07:36) - Extending OpenClaw with Skills (08:42) - Release Timeline & Rapid Adoption (10:16) - One-Click RCE in OpenClaw (11:45) - Introducing Moltbook (AI Social Network) (14:03) - How Moltbook Actually Worked (17:55) - “I Am a Robot” & Agent Authentication (20:28) - Beaconing & Operational Behavior (26:44) - Automation vs. True Autonomy (27:26) - Control, Kill Switches & Agent Boundaries (30:59) - Workforce Impact & Near-Term Concerns (35:34) - AI Apocalypse? Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Beau Bullock - Guest Hayden Covington - Guest Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  23. 35

    AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40

    AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40In this episode of BHIS Presents: AI Security Ops, we sit down with Hayden Covington and Ethan Robish from the BHIS Security Operations Center (SOC) to explore how AI is actually being used in modern defensive operations.From foundational machine learning techniques like statistical baselining and clustering to large language models assisting with alert triage and reporting, we dig into what works, what doesn’t, and what SOC teams should realistically expect from AI today.We break down:- How AI helps reduce alert fatigue and improve triage- Practical automation inside a real-world SOC- The difference between traditional ML approaches and LLM-powered workflows- Foundational techniques like K-means, anomaly detection, and behavioral baselining- Using LLMs for enrichment, investigation, and report drafting- Where AI struggles: hallucinations, inconsistency, and edge cases- Risks around over-trusting AI in security operations- How to responsibly integrate AI into analyst workflowsThis episode is grounded in real operational experience—not vendor demos. If you’re running a SOC, building AI tooling, or just trying to separate hype from reality, this conversation will help you think clearly about augmentation vs. automation in defensive security.(00:00) - Intro & Guest Introductions (04:44) - Alert Triage & SOC Pain Points (06:04) - Automation Inside the SOC (09:59) - “Boring AI”: Clustering, Baselining & Statistics (17:06) - AI-Assisted Reporting & Client Communication (18:34) - Limitations, Edge Cases & Model Risk (22:56) - Hallucinations & Inconsistent Outputs (25:04) - AI Demos vs. Real-World Security Work (28:35) - Final Thoughts & Closing Click here to watch this episode on YouTube. Creators & Guests Hayden Covington - Guest Ethan Robish - Guest Bronwen Aker - Host Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

  24. 34

    AI News | Episode 39

    AI News | Episode 39In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure.We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now.Chapters:00:00 – Introduction and SponsorsBlack Hills Information Security - https://www.blackhillsinfosec.com/Antisyphon Training - https://www.antisyphontraining.com/01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)Discussion begins as the hosts introduce the first story.How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)Conversation shifts to agent privilege management and governance failures.👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html10:07 – NIST Focus on Securing AI Agents in Critical InfrastructureDiscussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c13:44 – Tenable One AI ExposureBreaking down Tenable’s push into enterprise AI usage visibility and exposure management.👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scaleJoin the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhisChapters(00:00) - Introduction and Sponsors (01:08) - LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto) (10:07) - NIST Focus on Securing AI Agents in Critical Infrastructure (13:44) - Tenable One AI Exposure Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Click here to watch this episode on YouTube. ----------------------------------------------------------------------------------------------About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  25. 33

    Questions From the Community | Episode 38

    Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Joff Thyer - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript.

  26. 32

    A.I. Frameworks and Databases | Episode 37

    In Episode 37 of AI Security Ops, the team breaks down the most important AI security frameworks and vulnerability databases used to track risks in machine learning and large language models. The discussion covers emerging AI vulnerability databases, the OWASP Top 10 for LLMs, CVE challenges, and frameworks like MITRE ATLAS, highlighting why standardizing AI threats is still difficult. This episode is a practical guide for security professionals looking to stay ahead of AI vulnerabilities, attack techniques, and defensive resources in a fast-moving landscape.Chapters(00:00) - Episode 37 – AI Frameworks & Databases (01:39) - A.I. vulnerability tracking is still young (02:44) - Should A.I. get its own vulnerability database? (07:33) - The benefit of multiple vulnerability databases (15:58) - The what is the definition of a vulnerability? (17:54) - Final Thoughts Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

  27. 31

    AI News Stories | Episode 36

    This week on AI Security Ops, the team breaks down how attackers are weaponizing AI and the tools around it: a critical n8n zero-day that can lead to unauthenticated remote code execution, prompt-injection “zombie agent” risks tied to ChatGPT memory, a zero-click-style indirect prompt injection scenario via email/URLs, and malicious Chrome extensions caught siphoning ChatGPT/DeepSeek chats at scale. They close with a reminder that the tactics are often “same old security problems,” just amplified by AI—so lock down orchestration, limit browser extensions, and keep sensitive data out of chat tools.Key stories discussed1) n8n (“n-eight-n”) zero-day → unauthenticated RCE riskhttps://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.htmlThe hosts discuss a critical flaw in the n8n workflow automation platform where a workflow-parsing HTTP endpoint can be abused (via a crafted JSON payload) to achieve remote code execution as the n8n service account. Because automation/orchestration platforms often have broad internal access, one compromise can cascade quickly across an organization’s automation layer. ai-news-stories-episode-36Practical takeaway: don’t expose orchestration platforms directly to the internet; restrict who/what can talk to them; treat these “glue” systems as high-impact targets and assess them like any other production system. ai-news-stories-episode-362) “Zombie agent” prompt injection via ChatGPT Memoryhttps://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injectionThe team talks about research describing an exploit that stores malicious instructions in long-term memory, then later triggers them with a benign prompt—leading to potential data leakage or unsafe tool actions if the model has integrations. The discussion frames this as “stored XSS vibes,” but harder to solve because the “feature” (following instructions/context) is also the root problem. ai-news-stories-episode-36User-side mitigation themes: consider disabling memory, keep chats cleaned up, and avoid putting sensitive data into chat tools—especially when agents/tools are involved. ai-news-stories-episode-363) “Zero-click” agentic abuse via crafted email/URL (indirect prompt injection)https://www.infosecurity-magazine.com/news/new-zeroclick-attack-chatgpt/Another story describes a crafted URL delivered via email that could trigger an agentic workflow (e.g., email summarization / agent actions) to export chat logs without explicit user interaction. The hosts largely interpret this as indirect prompt injection—a pattern they expect to keep seeing as assistants gain more connectivity. ai-news-stories-episode-36Key point: even if the exact implementation varies, auto-processing untrusted content (like email) is a persistent risk when the model can take actions or access history. ai-news-stories-episode-364) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (900k users)https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.htmlTwo Chrome extensions posing as AI productivity tools reportedly injected JavaScript into AI web UIs, scraped chat text from the DOM, and exfiltrated it—highlighting ongoing extension supply-chain risk and the reality that “approved store” doesn’t mean safe. ai-news-stories-episode-36Advice echoed: minimize extensions, separate browsers/profiles for sensitive activities, and treat “AI sidebar” tools with extra skepticism. ai-news-stories-episode-365) APT28 credential phishing updated with AI-written lureshttps://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.htmlThe closing story is a familiar APT pattern—phishing emails with malicious Office docs leading to PowerShell loaders and credential theft—except the lure text is AI-generated, making it more consistent/convincing (and harder for users to spot via grammar/tone). ai-news-stories-episode-36The conversation stresses that “don’t click links” guidance is oversimplified; verification and layered controls matter (e.g., disabling macros org-wide). ai-news-stories-episode-36Chapter Timestamps(00:00) - Intro & Sponsors (01:16) - 1) n8n zero-day → unauthenticated RCE (09:00) - 2) “Zombie agent” prompt injection via ChatGPT Memory (19:52) - 3) “Zero-click” style agent abuse via crafted email/URL (indirect prompt injection) (23:41) - 4) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (~900k users) (29:59) - 5) APT28 phishing refreshed with AI-written lures (34:15) - Closing thoughts: “AI genie is out of the bottle” + safety reminders Click here to watch a video of this episode. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com 

  28. 30

    2026 Predictions | Episode 35

    AI Security Ops | Episode 35 – 2026 PredictionsIn this episode, the BHIS panel looks into the crystal ball and shares bold predictions for AI in 2026—from energy constraints and drug development breakthroughs to agentic AI risks and cybersecurity threats.Chapters(00:00) - Intro & Sponsor Shoutouts (01:14) - Prediction: Grid Power Becomes the Bottleneck (10:27) - Prediction: FDA Qualifies AI Drug Development Tools (15:45) - Prediction: Nation-State Threat Actors Weaponize AI (17:33) - Prediction: Agentic AI Dominates App Development (23:07) - Closing Thoughts: Jobs, Risk & Opportunity 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  29. 29

    AI Security Ops - Why Did We Create This Podcast? | Podcast Trailer

    Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhisAI Security Ops | Episode 34 – Why Did We Create This Podcast?In this episode, the BHIS team explains the purpose behind AI Security Ops, what you can expect from future episodes, and why this show matters for anyone at the intersection of AI and cybersecurity.Chapters(00:00) - Intro & Welcome (00:13) - Why We Started AI Security Ops (00:41) - Our Mission: Stay Informed & Ahead (00:56) - What We Cover: AI News & Insights (01:23) - Community Q&A & Real-World Scenarios (02:18) - Special Guests & Industry Leaders (02:41) - Demos, How-Tos & Practical Tips (03:07) - Who Should Listen & Why Subscribe (03:34) - Join the Conversation & Closing 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com

  30. 28

    Community Q&A on AI Security | Episode 34

    Community Q&A on AI Security | Episode 34In this episode of BHIS Presents: AI Security Ops, our panel tackles real questions from the community about AI, hallucinations, privacy, and practical use cases. From limiting model hallucinations to understanding memory features and explaining AI to non-technical audiences, we dive into the nuances of large language models and their role in cybersecurity.We break down:Why LLMs sometimes “make stuff up” and how to reduce hallucinationsThe role of prompts, temperature, and RAG databases in accuracyPrompting best practices and reasoning modes for better resultsLegal liability: Can you sue ChatGPT for bad advice?Memory features, data retention, and privacy trade-offsSecurity paranoia: AI apps, trust, and enterprise vs free accountsPractical examples like customizing AI for writing styleHow to explain AI to your mom (or any non-technical audience)Why AI isn’t magic—just math and advanced auto-completeWhether you’re deploying AI tools or just curious about the hype, this episode will help you understand the realities of AI in security and how to use it responsibly.Chapters(00:00) - Welcome & Sponsor Shoutouts (00:50) - Episode Overview: Community Q&A (01:19) - Q1: Will ChatGPT Make Stuff Up? (07:50) - Q2: Can Lawyers Sue ChatGPT for False Cases? (11:15) - Q3: How Can AI Improve Without Ingesting Everything? (22:04) - Q4: How Do You Explain AI to Non-Technical People? (28:00) - Closing Remarks & Training Plug Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  31. 27

    AI News Stories | Episode 33

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAI News | Episode 33In this episode of BHIS Presents: AI Security Ops, the panel dives into the latest developments shaping the AI security landscape. From the first documented AI-orchestrated cyber-espionage campaign to polymorphic malware powered by Gemini, we explore how agentic AI, insecure infrastructure, and old-school mistakes are creating a fragile new attack surface.We break down:AI-driven cyber espionage: Anthropic disrupts a state-sponsored campaign using autonomous Black-hat LLMs: KawaiiGPT democratizes offensive capabilities for script kiddies.Critical RCEs in AI stacks: ShadowMQ vulnerabilities hit Meta, NVIDIA, Microsoft, and more.Amazon’s private AI bug bounty: Nova models under the microscope.Google Antigravity IDE popped in 24 hours: Persistent code execution flaw.PROMPTFLUX malware: Polymorphic VBScript leveraging Gemini for hourly rewrites.Whether you’re defending enterprise AI deployments or building secure agentic tools, this episode will help you understand the emerging risks and what you can do to stay ahead.⏱️ Chapters(00:00) - Intro & Sponsor Shoutouts (01:27) - AI-Orchestrated Cyber Espionage (Anthropic) (08:10) - ShadowMQ: Critical RCE in AI Inference Engines (09:54) - KawaiiGPT: Free Black-Hat LLM (22:45) - Amazon Nova: Private AI Bug Bounty (26:38) - Google Antigravity IDE Hacked in 24 Hours (31:36) - PROMPTFLUX: Malware Using Gemini for Polymorphism 🔗 LinksAI-Orchestrated Cyber Espionage (Anthropic)ShadowMQ: Critical RCE in AI Inference EnginesKawaiiGPT: Free Black-Hat LLMAmazon Nova: Private AI Bug BountyGoogle Antigravity IDE Hacked in 24 HoursPROMPTFLUX: Malware Using Gemini for Polymorphism#AISecurity #Cybersecurity #BHIS #LLMSecurity #AIThreats #AgenticAI #BugBounty #malwareBrought to you by Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  32. 26

    Model Evasion Attacks | Episode 32

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comModel Evasion Attacks | Episode 32In this episode of BHIS Presents: AI Security Ops, the panel explores the stealthy world of model evasion attacks, where adversaries manipulate inputs to trick AI classifiers into misclassifying malicious activity as benign. From image classifiers to malware detection and even LLM-based systems, learn how attackers exploit decision boundaries and why this matters for cybersecurity.We break down:- What model evasion attacks are and how they differ from data poisoning- How attackers tweak features to bypass classifiers (images, phishing, malware)- Real-world tactics like model extraction and trial-and-error evasion- Why non-determinism in AI models makes evasion harder to predict- Advanced threats: model theft, ablation, and adversarial AI- Defensive strategies: adversarial training, API throttling, and realistic expectations- Future outlook: regulatory trends, transparency, and the ongoing arms raceWhether you’re deploying EDR solutions or fine-tuning AI models, this episode will help you understand why evasion is an enduring challenge, and what you can do to defend against it.#AISecurity #ModelEvasion #Cybersecurity #BHIS #LLMSecurity #aithreatsBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Are Model Evasion Attacks? (03:58) - Image Classifiers & Pixel Tweaks (07:01) - Malware Classification & Decision Boundaries (10:02) - Model Theft & Extraction Attacks (13:16) - Non-Determinism & Myth Busting (16:07) - AI in Offensive Capabilities (17:36) - Defensive Strategies & Adversarial Training (20:54) - Vendor Questions & Transparency (23:22) - Future Outlook & Regulatory Trends (25:54) - Panel Takeaways & Closing Thoughts

  33. 25

    Data Poisoning | Episode 31

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comData Poisoning Attacks | Episode 31In this episode of BHIS Presents: AI Security Ops, the panel dives into the hidden danger of data poisoning – where attackers corrupt the data that trains your AI models, leading to unpredictable and often harmful behavior. From classifiers to LLMs, discover why poisoned data can undermine security, accuracy, and trust in AI systems.We break down:What data poisoning is and why it mattersHow attackers inject malicious samples or flip labels in training setsThe role of open-source repositories like Hugging Face in supply chain riskNew twists for LLMs: poisoning via reinforcement feedback and RAGReal-world concerns like bias in ChatGPT and malicious model uploadsDefensive strategies: governance, provenance, versioning, and security assessmentsWhether you’re building classifiers or fine-tuning LLMs, this episode will help you understand how poisoned data sneaks in, and what you can do to prevent it. Treat your AI like a “drunk intern”: verify everything.#aisecurity  #DataPoisoning #Cybersecurity #BHIS #llmsecurity  #aithreatsBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Is Data Poisoning? (03:58) - Poisoning Classifier Models (08:10) - Risks in Open-Source Data Sets (12:30) - LLM-Specific Poisoning Vectors (17:04) - RAG and Context Injection (21:25) - Realistic Threats & Examples (25:48) - Defensive Strategies & Governance (28:27) - Panel Takeaways & Closing Thoughts

  34. 24

    AI News Stories | Episode 30

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAI News Stories | Episode 30In this episode of BHIS Presents: AI Security Ops, we break down the top AI cybersecurity news and trends from November 2025. Our panel covers rising public awareness of AI, the security risks of local LLMs, emerging AI-driven threats, and what these developments mean for security teams. Whether you work in cybersecurity, AI security, or incident response, this episode helps you stay ahead of evolving AI-powered attacks and defenses.Topics Covered:Only 5% of Americans are unaware of AI?What Pew Research reveals about AI’s penetration into everyday life and workplace usage.AI’s Shift to the Intimacy Economy – Project Libertyhttps://email.projectliberty.io/ais-shift-to-the-intimacy-economy-1  Amazon to Cut Jobs and Invest in AI Infrastructure14,000 corporate roles eliminated—are layoffs really about efficiency or something else?Amazon to Cut Jobs & Invest in AI – DWhttps://www.dw.com/en/amazon-to-cut-14000-corporate-jobs-amid-ai-investment/a-74524365Local Models Less Secure than Cloud Providers?Why quantization and lack of guardrails make local LLMs more vulnerable to prompt injection and insecure code.Local LLMs Security Paradox – Quesmahttps://quesma.com/blog/local-llms-security-paradox Whether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways.Brought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:07) - AI’s Shift to the Intimacy Economy (Pew Research) (19:40) - Amazon Layoffs & AI Investment (27:00) - Local LLM Security Paradox (36:32) - Wrap-Up & Key Takeaways

  35. 23

    A Conversation with Dr. Colin Shea-Blymyer | Episode 29

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comA Conversation with Dr. Colin Shea-Blymyer  | Episode 29In this episode of BHIS Presents: AI Security Ops, the panel welcomes Dr. Colin Shea-Blymyer for a deep dive into the intersection of AI governance, cybersecurity, and red teaming. From the historical roots of neural networks to today’s regulatory patchwork, we explore how policy, security, and innovation collide in the age of AI. Expect candid insights on emerging risks, open models, and why defining your risk appetite matters more than ever.Topics Covered:AI governance vs. innovation: U.S. vs. EU regulatory approachesThe evolution of neural networks and lessons from AI historyAI red teaming: definitions, methodologies, and data-sharing challengesSafety vs. security: where they overlap and divergeEmerging risks: supply chain vulnerabilities, prompt injection, and poisoned dataOpen weights vs. closed models: implications for research and securityPractical takeaways for organizations navigating AI uncertaintyAbout the Panel:Joff Thyer, Dr. Brian Fehrman, Derek BanksGuest Panelist: Dr. Colin Shea-Blymyerhttps://cset.georgetown.edu/staff/colin-shea-blymyer/#aisecurity  #aigovernance  #cyberrisk  #AIredteam #OpenModels #aipolicy  #BHIS #AIthreats #aiincybersecurity  #llmsecurityBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Guest Welcome (02:14) - Colin’s Journey: From CS to AI Governance (06:33) - Lessons from AI History & Neural Network Origins (10:28) - AI Red Teaming: Definitions & Methodologies (15:11) - Safety vs. Security: Where They Intersect (22:47) - Regulatory Landscape: U.S. Patchwork vs. EU AI Act (33:42) - Open Models Debate: Risks & Research Benefits (38:19) - Emerging Threats & Supply Chain Risks (44:06) - Practical Takeaways & Closing Thoughts

  36. 22

    Questions from the Community | Episode 28

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAI News Stories | Episode 28 – Questions from the CommunityIn this episode of BHIS Presents: AI Security Ops, the panel tackles real questions from the community, diving deep into the practical, ethical, and technical challenges of AI in cybersecurity. From red teaming tools to prompt privacy, this Q&A session delivers candid insights and actionable advice for professionals navigating the AI-infused threat landscape.🧠 Topics Covered:Open-source tools for LLM red teamingThreat modeling AI systems (STRIDE methodology)Hallucination rates in frontier vs. local modelsPrompt privacy: what’s stored, what’s sharedShould red teamers disclose AI usage?Human-in-the-loop: AI-generated deliverablesWhether you're a pentester, SOC analyst, or just curious about how AI is reshaping offensive security, this episode is packed with expert perspectives and practical takeaways.About the Panel:Brian Fehrman, Derek Banks, Joff ThyerBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:14) - Recommended Tools for LLM Red Teaming (06:12) - Threat Modeling AI Systems (09:58) - Which Models Hallucinate Most? (17:13) - Prompt Privacy: What You Should Know (22:54) - Should Red Teamers Disclose AI Usage? (27:01) - Final Thoughts & Wrap-Up

  37. 21

    Azure AI Foundry Guardrails | Episode 27

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAzure AI Foundry Guardrails | Episode 27In this episode of BHIS Presents: AI Security Ops, we explore how to configure content filters for AI models using the Azure AI Fooundry guardrails and controls interface. Whether you're building secure demos or deploying models in production, this walkthrough shows how to block unwanted content, enforce policy, and maintain compliance.Topics Covered: Changing default filters for demo compliance Setting up a system prompt and understanding its role Adding regex terms to block specific content Creating and configuring a custom filter: “tech demo guardrails” Input-side filtering: inspecting user text before model access Safety vs. security categories in filtering Enabling prompt shields for indirect jailbreak detectionThis video is ideal for developers, security engineers, and anyone working with AI systems who needs to implement layered defenses and ensure responsible model behavior.Why This MattersBy implementing layered security—block lists, input and output filters—you protect sensitive data, comply with policy, and maintain a safe user experience.#AIsecurity #GuardrailsAndControls #ContentFiltering #PromptSecurity #RegexFiltering #BHIS #AIModelSafety #SystemPromptSecurityBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Introduction & Overview (01:17) - Changing the Default Content Filter for Demo Compliance (02:00) - Setting Up a System Prompt and Its Purpose (04:26) - Adding a New Term (“dogs”) to the Content Filter (Regex Example) (05:04) - Creating and Configuring a Content Filter Named “Tech Demo Guardrails” (05:35) - How Input-Side Filters Inspect and Block Unwanted Content (06:01) - Overview of Safety Categories vs. Security Categories (07:15) - Enabling Prompt Shields for Indirect Jailbreak Detection (Not Used in Demo) (08:30) - Summary & Next Steps

  38. 20

    Questions from the Community | Episode 26

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comQuestions from the Community | Episode 26In this community-driven episode of BHIS Presents: AI Security Ops, the panel answers real questions from viewers about AI security, privacy, and risk. Featuring Brian Fehrman, Bronwen Aker, Jack Verrier, and Joff Thyer, the team dives into everything from guardrails and hallucinations to GDPR, agentic AI, and how to stay safe in an AI-saturated world.💬 Topics include:Are guardrails enough to protect sensitive prompts?What’s the difference between hallucination and confabulation?How does AI intersect with GDPR and the right to be forgotten?What does it mean to “stay safe” when using AI?How is securing AI different from traditional software?Whether you're a red teamer, SOC analyst, or just trying to navigate the AI landscape, this episode offers practical insights and thoughtful perspectives from seasoned security professionals.Panelists:🔹 Brian Fehrman🔹 Bronwen Aker🔹 Jack Verrier🔹 Joff Thyer#AIsecurity #Cybersecurity #PromptInjection #LLMs #BHIS #AIprivacy #AgenticAI #AIandGDPRBrought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Panel Welcome (01:22) - Are Guardrails Enough to Protect System Prompts? (09:54) - Explaining Hallucination vs. Confabulation (20:09) - AI and GDPR: The Right to Be Forgotten? (23:49) - How Do We Stay Safe Using AI? (32:26) - Securing AI vs. Traditional Software (37:18) - Final Thoughts & Wrap-Up

  39. 19

    AI News Stories | Episode 25

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAI News Stories | Episode 25In this episode of BHIS Presents: AI Security Ops, the panel dives into the biggest AI cybersecurity headlines from late September 2025. From government regulation to zero-click exploits, we unpack the risks, trends, and implications for security professionals navigating the AI-powered future.🧠 Topics Covered:Government oversight of advanced AI systemsAccenture’s massive layoffs amid AI pivotShadowLeak: zero-click vulnerability in ChatGPT agentsMalicious MCP server stealing emailsAI in the SOC: benefits and risksAttackers using AI to scale ransomware and social engineeringWhether you're a red teamer, SOC analyst, or just trying to stay ahead of AI threats, this episode delivers sharp insights and practical takeaways.Brought to you by Black Hills Information Security https://www.blackhillsinfosec.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (00:45) - Senators Introduce AI Risk Evaluation Act (09:48) - Accenture Layoffs & AI Restructuring (16:17) - ShadowLeak: Zero-Click Vulnerability in ChatGPT (20:07) - Malicious MCP Server & Supply Chain Risks (26:27) - AI in the SOC: Alert Triage & Analyst Burnout (30:10) - Final Thoughts: AI’s Role in Security Operations

  40. 18

    Model Extraction Attacks | Episode 24

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comModel Extraction Attacks | Episode 24In this solo episode of BHIS Presents: AI Security Ops, Brian Fehrman explores the stealthy world of Model Extraction Attacks—where hackers clone your AI model without ever touching your code. Learn how adversaries can reverse-engineer your multimillion-dollar model simply by querying its API, and why this threat is more than just academic.We break down:- What model extraction is and how it works- Real-world examples like DeepSeek’s alleged distillation of OpenAI models- The risks to intellectual property, security, and sensitive data- Defensive strategies including API throttling, output limiting, watermarking, and honeypots- Legal and ethical questions around benchmarking vs. theftWhether you're deploying LLMs or classification models, this episode will help you understand how attackers replicate model behavior—and what you can do to stop them.If your AI is accessible, someone’s probably trying to copy it.#AIsecurity #ModelExtractionAttacks #Cybersecurity #BHIS #LLMsecurity #AIthreats----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro & Sponsor Shoutouts (01:19) - What Is a Model Extraction Attack? (02:45) - Why Training a Model Is So Expensive (05:42) - How Model Extraction Works (07:11) - Why It Matters: IP, Security & Data Risks (10:25) - What Makes Extraction Easier or Harder (12:54) - Defenses: Monitoring, Watermarking & Privacy (16:04) - What to Do If You Suspect an Attack (16:29) - Legal & Ethical Questions Around Model Theft (19:30) - Final Thoughts & Takeaways

  41. 17

    News of the Month | Episode 23

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comIn this episode of AI Security Ops, Brian Fehrman and Joff Thyer dive into the latest AI news of the month, exploring how rapidly evolving technologies are reshaping cybersecurity.Topics covered include: - How AI is changing cybersecurity monitoring - Expanding from email to Slack, Teams, and other chat platforms - Addressing insider threats and phishing campaigns in new channels - The rapid pace of AI innovation and industry trends - Why organizations should prioritize AI security assessments - Real-world risks and opportunities in the AI landscapeStay ahead in the AI race with Black Hills Information Security as we cover real-world risks, opportunities, and the latest developments in the AI landscape.///News Stories This Episode:1. AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concernshttps://thehackernews.com/2025/09/ai-powered-villager-pen-testing-tool.html2. CrowdStrike and Meta Just Made Evaluating AI Security Tools Easierhttps://www.zdnet.com/article/crowdstrike-and-meta-just-made-evaluating-ai-security-tools-easier/3. Check Point Acquires Lakera to Deliver End-to-End AI Security for Enterpriseshttps://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/4. Proofpoint Offers AI Agents to Monitor Human-Based Communicationshttps://www.msspalert.com/news/proofpoint-offers-ai-agents-to-monitor-human-based-communications5. EvilAI Malware Campaign Exploits AI-Generated Code to Breach Global Critical Sectorshttps://industrialcyber.co/ransomware/evilai-malware-campaign-exploits-ai-generated-code-to-breach-global-critical-sectors/----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  42. 16

    Insider Threat 2.0 - Prompt Leaks & Shadow AI | Episode 22

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comInsider Threat 2.0 -  Prompt Leaks & Shadow AI | Episode 22In this episode of BHIS Presents AI Security Ops, we dive into Insider Threat 2.0: Prompt Leaks & Shadow AI. The panel explores the hidden risks of employees pasting sensitive data into public AI tools, the rise of unauthorized “Shadow AI” in organizations, and how policies—or lack thereof—can expose critical information. Learn why free AI services often make you the product, how prompt history creates data leakage risks, and why companies must establish clear AI usage guidelines. We also cover practical defenses, from enterprise AI accounts to cultural awareness training, and draw parallels to past IT challenges like Shadow IT and rogue wireless.If you’re concerned about AI security, data leakage, or safe adoption of large language models, this discussion will help you navigate the risks and protect your organization.#AIsecurity #PromptInjection #ShadowAI #Cybersecurity #BHIS----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  43. 15

    Deepfakes and Fraudulent Interviews In Remote Hiring | Episode 21

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comEpisode 21 - Deepfakes And Fraudulent Interviews In Remote HiringIn this episode of AI Security Ops by Black Hills Information Security, the crew explores the alarming rise of deepfakes and fraudulent interviews in remote hiring. As virtual work expands, cybercriminals are using AI-driven impersonation tactics to pose as job candidates, deceive recruiters, and gain unauthorized access to organizations. Joff, Bronwen Aker, Brian Fehrman, and Derek Banks break down real-world cases, explain the challenges of spotting deepfake job scams, and share actionable strategies to secure hiring processes. Discover the red flags to watch for in virtual interviews, how attackers exploit trust, and why companies must adapt their security awareness in the age of AI.----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  44. 14

    The Hallucination Problem | Episode 20

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comEpisode 20 - The Hallucination ProblemIn this episode of AI Security Ops, Joff Thyer and Brian Fehrman from Black Hills Information Security dive into the hallucination problem in AI large language models and generative AI. They explain what hallucinations are, why they happen, and the risks they create in real-world AI deployments. The discussion covers security implications, practical examples, and strategies organizations can use to mitigate these issues through stronger design, monitoring, and testing. A must-watch for cybersecurity professionals, AI researchers, and anyone curious about the limitations and challenges of modern AI systems.----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/

  45. 13

    News of the Month | Episode 19

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comAI News of the Month | Episode 19In Episode 19,Brianand Derek cover a zero-click indirect prompt injection attack against ChatGPT connectors and seemingly innocent Google Calendar events that hijack smart homes via Gemini, with possible consequences for the power grid.They'll discuss the impact of Microsoft patching a critical Azure OpenAI SSRF vulnerability and go over new NIST AI security standards, IBM’s study on shadow AI and breach costs, OpenAI’s response to chat indexing leaks, and a malicious VS Code extension that stole $500K in cryptocurrency. #AI #CyberSecurity #PromptInjection #Malware #InfoSec #AIThreats #Hacking #GenerativeAI #Deepfakes #LLM #ShadowAI“Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) — Aug 6, 2025Primary: https://www.wired.com/story/poisoned-document-could-leak-secret-data-chatgpt/Tech write-up: https://labs.zenity.io/p/agentflayer-chatgpt-connectors-0click-attack-5b41Poisoned Google Calendar invite hijacks Gemini to control a smart home — Aug 6–10, 2025Primary: https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/Bug/patch coverage: https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/Microsoft August Patch Tuesday adds AI-surface fixes; critical Azure OpenAI vuln (CVE-2025-53767) — Aug 12–13, 2025Release coverage: https://www.techradar.com/pro/security/microsofts-latest-major-patch-fixes-a-serious-zero-day-flaw-and-a-host-of-other-issues-so-update-nowCVE entry: https://nvd.nist.gov/vuln/detail/CVE-2025-53767 (NVD)Overview: https://www.tenable.com/blog/microsofts-august-2025-patch-tuesday-addresses-107-cves-cve-2025-53779 (Tenable®)NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” — Aug 14, 2025Announcement: https://www.nist.gov/news-events/news/2025/08/nist-releases-control-overlays-securing-ai-systems-concept-paperConcept paper (PDF): https://csrc.nist.gov/csrc/media/Projects/cosais/documents/NIST-Overlays-SecuringAI-concept-paper.pdfIBM 2025 “Cost of a Data Breach”: AI is both breach vector and defender — Jul 30, 2025Press release: https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications%2C-97-of-which-reported-lacking-proper-ai-access-controlsReport: https://www.ibm.com/reports/data-breachAnalysis: https://venturebeat.com/security/ibm-shadow-ai-breaches-cost-670k-more-97-of-firms-lack-controls/ (VentureBeat)OpenAI considers encrypting Temporary Chats; privacy clean-ups after search-indexing scare — Aug 18, 2025Interview: https://www.axios.com/2025/08/18/altman-openai-chatgpt-encrypted-chatsContext: https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/Help center (retention): https://help.openai.com/en/articles/8914046-temporary-chat-faqFake VS Code extension for Cursor leads to $500K crypto theft — July 11, 2025Primary: https://www.scworld.com/news/fake-visual-studio-code-extension-for-cursor-led-to-500k-theft SC MediaResearch write-up: https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/SecurelistCoverage: https://www.bleepingcomputer.com/news/security/malicious-vscode-extension-in-cursor-ide-led-to-500k-crypto-theft/----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (00:31) - “Poisoned doc” exfiltrates data via ChatGPT Connectors (AgentFlayer) (01:15) - A zero-click prompt injection (02:12) - url_safe bypassed using URLs from Microsoft’s Azure Blob cloud storage (07:08) - Poisoned Google Calendar invite hijacks Gemini to control a smart home (08:35) - The intersection of AI and IOT (09:53) - Be careful what you hook AI up to (10:23) - Derek warns of threat to power grid (11:54) - Mitigations - restrict permissions, sanitize calendar content (13:56) - Patch Tuesday - AI-surface fixes; critical Azure OpenAI vuln (15:49) - NIST proposes SP 800-53 “Control Overlays for Securing AI Systems” (18:43) - IBM “Cost of a Data Breach”: AI is both breach vector and defender (19:16) - Shadow AI (21:49) - “The AI adoption curve is outpacing controls” (23:02) - OpenAI considers encrypting Temporary Chats (26:39) - Data storage and logging LLM interactions (29:59) - Fake VS Code extension for Cursor leads to $500K crypto theft (30:37) - Danger of using pip install as root on a server

  46. 12

    Malware in the Age of AI | EP 18

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comMalware in the Age of AI | Episode 18In Episode 18, hosts Joff Thyer, Derek Banks and Brian Fehrman discuss the rise of AI-powered malware. From polymorphic keyloggers like Black Mamba to the use of ChatGPT, WormGPT, and fine-tuned LLMs for cyberattacks, the team will explain how generative AI is reshaping the security landscape.They'll break down the real risks vs. hype, including prompt injection, jailbreaking, deepfakes, and AI-driven fraud, while also sharing strategies defenders can use to fight back.The discussion highlights both the ethical implications and the critical need for defense-in-depth as threat actors use AI to accelerate their attacks.#AI #Cybersecurity #Malware #AIThreats #Deepfakes #LLM #InfoSec #AIinSecurity #GenerativeAI #Hacking----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (01:15) - Black Mamba polymorphic AI keylogger (02:47) - Can Chat GPT5 generate malware for us? (03:42) - Guardrail circumvention technique #1 (04:16) - Guardrail circumvention technique #2 (05:30) - Guardrail circumvention technique #3 (05:59) - Guardrail circumvention technique #4 (06:30) - Using an Abliterated Model (08:32) - AI models have democratized software creation (11:20) - Polymorphic keyloggers are not new (12:03) - AI makes it faster to iterate polymorphic malware (12:33) - AI is able to analyze source code and find more vulnerabilities (15:16) - How scared should we be? (hype vs reality) (16:10) - Knowing enough to ask the right questions is important (17:41) - Significant risks of AI fraud and social engineering (19:32) - Business email compromise (21:10) - How defenders can use AI (24:28) - Audio deepfakes have become easier to create (25:06) - Ethical concerns for pentesters using AI (29:26) - In one sentence, how will AI change malware production in the near future?

  47. 11

    Community Q&A | Episode 17

    Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comCommunity Q&A | Episode 17In episode 17 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, Brian Fehrman and Bronwen Aker answer viewer-submitted questions about system prompts, prompt injection risks, AI hallucinations, deep fakes, and when (and when not) to use AI in cybersecurity. They'll discuss the difference between system and user prompts, how temperature settings impact LLM outputs, and the biggest mistakes companies make when deploying AI models. They'll also explain how to reduce hallucinations, and approach AI responsibly in security workflows. Derek explains his method for detecting audio deep fakes.----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ (00:00) - Intro (01:10) - What is a system prompt? How is it different from a user prompt? (03:35) - What are some common system prompt mistakes? (06:54) - Does repeating a prompt give different responses? (non-deterministic) (07:56) - The temperature knob effect (12:18) - When should I use AI? When should I not? (16:47) - What are best practices to reduce hallucinations? (20:29) - End-user temperature knob work-around (22:55) - AI bots that rewrite their code to avoid shutdown commands (26:53) - NCSL.org - Updates on legislation affecting AI (29:44) - How do we detect AI deep fakes? (30:00) - Derek’s DeepFake demo video (30:38) - DISCLAIMER - Do Not use AI deep fakes to break the law! (31:29) - F5-tts.org - Deep fake website (35:02) - Derek pranks his family using AI

  48. 10

    A Conversation with Daniel Miessler | Episode 16

    A Conversation with Daniel MiesslerIn Episode 16, Joff and the team welcome human-centric AI innovator Daniel Miessler, creator of Fabric, an AI framework for solving real-world problems from a human perspective.The conversation covers AI’s role in cybersecurity, the importance of clarity in “intent engineering” over prompt tricks, and the risks and opportunities of deploying large language models. They explore the shift from “vibe coding” to “spec coding,” the rise of AI scaffolding over raw model improvements, and what AI advancements including GPT-5 mean for the future of knowledge work."Introducing Fabric — A Human AI Augmentation Framework"https://www.youtube.com/watch?v=wPEyyigh10gDaniel's GitHub repository:https://github.com/danielmiessler/Fabric#AI #CyberSecurity #AgenticAI #SecurityOps #PromptEngineering

  49. 9

    News of the Month – Episode 15

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comIn this episode, we'll discuss Palo Alto Networks’ acquisition of Protect AI, the rise of “Shadow AI” in enterprises, alarming AI-driven data leaks, and vibe coding gone wrong. We'll dive into critical issues like AI hallucinations and the growing need for "human in the loop" oversight. We'll wrap up with a discussion of Proton’s Lumo AI chatbot, disappearing medical disclaimers in AI chatbots and data poisoning in Amazon's AI coding agent.#AI #Cybersecurity #LLM #AInews #AISecurityOps #BlackHillsInfosec #LLMGuard #ShadowAI #DataLeak #AgenticAI #PrivacyTech #VibeCoding #ProtectAI00:00 - Welcome, Intro00:58 - Palo Alto Networks Completes Acquisition of Protect AIhttps://www.paloaltonetworks.com/company/press/2025/palo-alto-networks-completes-acquisition-of-protect-ai04:53 - Metomic Finds AI Data Leaks Impact 68% of Organizations, But Only 23% Have Proper AI Data Security Policies https://www.metomic.io/resource-centre/metomic-finds-ai-data-leaks-impact-68-of-organizations-but-only-23-have-proper-ai-data-security-policies09:46 - S&P 500’s AI adoption may invite data breaches, new research showshttps://cybernews.com/security/sp-500-companies-ai-security-risks-report/12:53 - Vibe Coding Fiasco: AI Agent Goes Rogue, Deletes Company's Entire Databasehttps://www.pcmag.com/news/vibe-coding-fiasco-replite-ai-agent-goes-rogue-deletes-company-database18:47 - A major AI training data set contains millions of examples of personal datahttps://www.technologyreview.com/2025/07/18/1120466/a-major-ai-training-data-set-contains-millions-of-examples-of-personal-data/23:34 - Introducing Lumo, the AI where every conversation is confidentialhttps://proton.me/blog/lumo-ai28:56 - AI companies have stopped warning you that their chatbots aren’t doctorshttps://www.technologyreview.com/2025/07/21/1120522/ai-companies-have-stopped-warning-you-that-their-chatbots-arent-doctors/36:53 - Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agenthttps://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/

  50. 8

    Questions From The Community podcast – Episode 14

    🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comIn Episode 14 of the AI Security Ops Podcast, hosts Joff Thyer, Derek Banks, and Brian Fehrman answer questions submitted by viewers. The team will cover how effective prompt engineering can transform LLMs into workflow accelerators, and debate AI tool strengths— when to use Claude, ChatGPT, or Notebook LM.They'll discuss the importance of human oversight when integrating AI into operations, highlighting the "human-in-the-loop" concept and include ways to explain AI to non-technical audiences.#AI #promptengineering #CyberSecurity #Automation #SecurityOps #claudeai #chatgpt 00:00 - Welcome, Intro02:00 - Q - How do you use AI?02:55 - The importance of effective prompt engineering10:24 - Upcoming workshop - AI Workflow Optimization for Red Teaming12:10 - Q - Which AI for which task? Where should I invest my time?14:12 - Claude for coding in Python & Golang, but not great at Java16:35 - Derek - Initial prompt improvement in Chat GPT, then go to Claude17:37 - NotebookLM for students (https://notebooklm.google/)20:01 - Invest your time in prompt engineering - applicable to any model22:38 - Double check code, understand what it means, do not blindly trust AI output25:17 - Q - How to discuss AI with a non-technical audience28:08 - Talk to LLMs like a child28:54 - AI is not sentient, it's just drawing relevant correlations31:48 - Ask them clarifying questions - what are they trying to ask? What's the context?33:37 - Q - How can you do "Human in the Loop?"35:24 - Don't give your agentic AI too much power - treat it like a junior assistant

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

HOSTED BY

Black Hills Information Security

CATEGORIES

Frequently Asked Questions

How many episodes does AI Security Ops have?

AI Security Ops currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is AI Security Ops about?

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

How often does AI Security Ops release new episodes?

AI Security Ops has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to AI Security Ops?

You can listen to AI Security Ops on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts AI Security Ops?

AI Security Ops is created and hosted by Black Hills Information Security.
URL copied to clipboard!