
Insights from recent episode analysis
Audience Interest
Podcast Focus
Publishing Consistency
Platform Reach
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Most discussed topics
Brands & references
Est. Listeners
Insufficient chart data. Estimates will improve as the show charts.
- Per-Episode Audience
Est. listeners per new episode within ~30 days
N/A🎙 ~2x weekly·48 episodes·Last published 5d ago - Monthly Reach
Unique listeners across all episodes (30 days)
N/A - Active Followers
Loyal subscribers who consistently listen
N/A
Market Insights
Platform Distribution
Reach across major podcast platforms, updated hourly
Total Followers
—
Total Plays
—
Total Reviews
—
* Data sourced directly from platform APIs and aggregated hourly across all major podcast directories.
On the show
From 10 epsHost
Recent guests
Recent episodes
Mythos and Fable Pulled | Episode 59
Jun 26, 2026
16m 01s
Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58
Jun 20, 2026
29m 39s
Introducing Fusion AI Pentest | Episode 57
Jun 19, 2026
22m 29s
Open Weight Models and Open Source Harnesses | Episode 56
Jun 13, 2026
37m 35s
AI Cost Saving Tips | Episode 55
Jun 4, 2026
29m 34s
Social Links & Contact
Official channels & resources
Official Website
Login
RSS Feed
Login
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length | |
|---|---|---|---|---|---|---|---|---|---|
| 6/26/26 | ![]() Mythos and Fable Pulled | Episode 59 | In this episode of BHIS Presents: AI Security Ops, the team tackles a first-of-its-kind moment in AI security and regulation:What happens when the U.S. government orders a company to pull its most powerful AI models off the market?Not the chips. Not the infrastructure. The models themselves.On June 12th, 2026, Anthropic disabled Fable-5 and Mythos-5 worldwide after receiving a federal export-control directive tied to foreign-national access. The models were only three days old, and the shutdown raises a much bigger question for security teams, builders, and defenders:Are frontier AI models now controlled technology?This episode breaks down the order, the export-control mechanism behind it, the cybersecurity concerns around jailbreaks, and what this means for anyone building security workflows on top of hosted AI models.We dig into:• Why Anthropic pulled Fable-5 and Mythos-5 for all customers• How foreign-national access rules forced an all-or-nothing shutdown• What EAR export controls are, and why ITAR keeps coming up• The history of encryption, PGP, and software as controlled technology• Why Fable-5 and Mythos-5 triggered cyberweapon concerns• The difference between guarded and less-guarded model releases• Why jailbreaks are central to the government’s justification• Why “all LLMs can be jailbroken” matters for policy and enforcement• Whether Anthropic’s safety messaging created regulatory risk• How competition and AI industry politics may shape regulation• Why model redundancy is becoming a security resilience requirement• What security teams should learn from a hosted model disappearing overnight• Why taking powerful AI away from defenders may make security worse, not betterThis episode explores a critical shift in AI security: frontier models are no longer just another SaaS dependency. They are becoming part of the security supply chain, subject to policy, export controls, national-security concerns, and sudden access loss.For security teams, the question is no longer just which model performs best. It is what happens when the model your workflow depends on disappears, and what that model could see while it was running.—Key Concepts & TopicsAI Export Controls• Federal action targeting AI models instead of chips• Foreign-national access restrictions• Frontier models as controlled technologyEAR, ITAR, and Software Regulation• Dual-use technology under Commerce Department authority• Historical parallels to encryption and PGP• Why software can become a national-security control pointFable-5 and Mythos-5• Guarded and less-guarded model access• Safety classifiers and cyber capability concerns• Public release versus vetted access modelsJailbreaks and AI Security• Bypassing model safeguards• Universal versus narrow jailbreaks• Why perfect jailbreak resistance is not realisticSecurity Resilience• Model redundancy as a practical requirement• Avoiding single-model dependency• Planning for sudden access loss, policy changes, and vendor shutdownsDefensive Strategy• Understanding where AI lives in your workflows• Thinking through AI blast radius• Balancing model capability, access, monitoring, and riskLearn more about Black Hills Information Security:https://www.blackhillsinfosec.com/Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Check out Antisyphon Training:https://www.antisyphontraining.com/#AISecurity #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #Antisyphon #AIRegulation #ExportControls----------------------------------------------------------------------------------------------🎧 Subscribe to the Podcast:https://aisecurityops.transistor.fmAbout Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: The First AI Model Export Control (01:38) - The Anthropic Order and Foreign-National Access (03:19) - EAR, ITAR, and Software as Controlled Technology (04:39) - Mythos-5, Fable-5, and Guarded Model Access (06:32) - Jailbreaks and Cyberweapon Concerns (08:58) - Competition, Regulation, and AI Industry Politics (10:54) - Model Redundancy as a Security Requirement (13:21) - Defensive AI Use and Final Takeaways Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 16m 01s | ||||||
| 6/20/26 | ![]() Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58 | In this episode of BHIS Presents: AI Security Ops, the team tackles one of the most urgent — and misunderstood — problems in modern security:How do you actually secure AI agents?Not hypothetically. Not in theory. But in the real world — where agents have access to your filesystem, your credentials, your network… and are making decisions on their own.The answer isn’t a single control or tool — it’s a maturity model.From “YOLO agent with full access” to fully instrumented, controlled, and observable systems, this episode walks through a five-level maturity model for agentic security — and what it actually takes to move up each stage.We dig into:• Why agentic AI introduces a completely different security model• What “Level 0” chaos looks like in real organizations• The risks of giving agents unrestricted access to systems• Why containment is the first real step toward security• How sandboxing changes the risk equation• The importance of logging, monitoring, and visibility• Where most organizations are actually operating today• Why skipping steps in maturity creates hidden risk• How to think about blast radius in agent design• What “fully enforced” agentic security actually looks likeThis episode explores a critical shift in AI security: you’re not just securing models anymore — you’re securing autonomous systems.⸻📚 Key Concepts & TopicsAgentic Security• AI agents with system-level access• Autonomous decision-making and execution• Expanding attack surface beyond promptsSecurity Maturity Model• Level 0 → Level 4 progression• Incremental risk reduction strategies• Why maturity matters more than toolsContainment & Sandboxing• Limiting blast radius• Isolating agent execution environments• Preventing lateral movementMonitoring & Observability• Logging agent actions and decisions• Detecting misuse or unexpected behavior• Building visibility into autonomous systemsDefensive Strategy• Designing for least privilege• Avoiding “full access by default”• Treating agents like untrusted users#AISecurity #CyberSecurity #AIAgents #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #AppSec #AgenticAI----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: The Reality of Unsecured AI Agents (00:24) - The Agentic Security Maturity Model Explained (07:20) - Level 0: Total Chaos (Unrestricted Agents) (11:24) - Level 1: Containment and Basic Guardrails (13:24) - Level 2: Controlled Execution (20:32) - Level 3: Monitoring, Logging, and Visibility (27:00) - Level 4: Fully Enforced Agent Security (28:00) - Final Takeaways: Maturity Over Hype Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Brian Fehrman - Host Derek Banks - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 29m 39s | ||||||
| 6/19/26 | ![]() Introducing Fusion AI Pentest | Episode 57 | In this episode of BHIS Presents: AI Security Ops, the team introduces a new approach to offensive security:Fusion AI Pentesting.https://www.blackhillsinfosec.com/fusion-penetration-testing/As AI continues to reshape cybersecurity, one question keeps coming up — is AI replacing pentesters, or just changing how they work?This episode answers that directly.Rather than replacing human expertise, Fusion combines AI-driven discovery with human-led validation and exploitation, creating a workflow that’s faster, more scalable, and far more effective than either approach alone.The result isn’t just more findings — it’s better findings, faster, with real-world impact.We dig into:• What “Fusion AI Pentesting” actually means in practice• Why AI alone isn’t enough for real security testing• How human + AI collaboration outperforms either independently• The difference between finding vulnerabilities and proving impact• Where AI excels in offensive security workflows• Where human intuition and experience still matter most• How this approach scales continuous testing and red teaming• Why traditional pentesting models are starting to break down• How organizations should think about integrating AI into security testing• What this means for the future of offensive securityThis episode highlights a key shift in cybersecurity: AI doesn’t replace the pentester — it changes what a great pentester looks like.⸻📚 Key Concepts & TopicsFusion AI Pentesting• Combining AI discovery with human validation• Augmenting—not replacing—pentesters• Faster, more scalable offensive workflowsAI in Offensive Security• Automated vulnerability discovery• Pattern matching vs real-world exploitation• Limits of AI-only approachesHuman + AI Collaboration• Human intuition and domain expertise• Chaining vulnerabilities for real impact• Validating and prioritizing findingsSecurity Testing Evolution• Continuous testing vs point-in-time pentests• Red teaming with AI-assisted workflows• Changing expectations for coverage and speedDefensive Implications• Better signal vs noise in findings• Faster identification of real risk• Preparing for AI-augmented attackers#AISecurity #CyberSecurity #Pentesting #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #RedTeaming #AIAgents----------------------------------------------------------------------------------------------About Melisa Wachs - https://www.blackhillsinfosec.com/team/melisa-wachsAbout Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: A Different Kind of AI Sec Ops Episode (01:59) - Introducing Fusion AI Pentesting (03:34) - Why AI Alone Isn’t Enough (05:59) - Human vs AI: Strengths and Limitations (09:12) - Finding vs Exploiting Vulnerabilities (11:43) - How Fusion Improves Speed and Coverage (15:06) - Scaling Offensive Security with AI (18:12) - Final Takeaways: The Future of Pentesting Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Derek Banks - Host Melisa Wachs - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 22m 29s | ||||||
| 6/13/26 | ![]() Open Weight Models and Open Source Harnesses | Episode 56 | In this episode of BHIS Presents: AI Security Ops, the team looks at what it actually means to own your AI stack.Open-weight models and open-source harnesses are no longer just lab toys. They are becoming practical options for security teams that care about where their prompts, code, client data, findings, and tooling actually live.The core question: when your work depends on AI, how much control are you willing to give away?We dig into:- What data sovereignty means for security teams- Why token sovereignty matters in agentic workflows- How provider terms can become a business risk- Open-weight models vs. truly open-source AI- Why harnesses like Hermes and OpenCode matter- Where cloud providers may apply fewer restrictions- The tradeoff between local control and hosted capability- Supply chain risk in models, harnesses, and plugins- Running local models with Ollama, VLLM, and similar tools- Why “local” does not automatically mean “safe”- How to start experimenting without buying expensive hardware- The next risk frontier: local prompt injectionOwning your AI stack does not magically eliminate risk. It moves the risk. Hosted models create exposure around data, terms, pricing, and availability. Local models create exposure around maintenance, supply chain, permissions, and prompt injection. The security win is not blindly choosing local or cloud — it is knowing which layer you need to control, and why.⸻📚 Key Concepts & TopicsData & Terms Risk- Prompts can contain code, client data, findings, and operational context- Hosted providers may inspect, retain, or restrict usage- Terms changes can affect entire security workflows- “Allowed yesterday” does not guarantee “allowed tomorrow”Token Sovereignty- Agentic workflows burn far more tokens than simple chat- Rate limits, usage windows, and pricing changes become operational dependencies- Local hardware shifts the constraint from API quota to compute capacity- Cost control is part of architecture, not just procurementModels vs. Harnesses- Open-weight models provide downloadable weights, not always full training transparency- Harnesses provide the tool loop, permissions, memory, and provider adapters- Hermes, OpenCode, Claude Code, Codex, and similar tools shape what the model can actually do- Risk often lives in the harness around the modelLocal Stack Tradeoffs- Local models improve control over sensitive data- Self-hosting adds maintenance, patching, networking, and monitoring responsibilities- Tools like Ollama, VLLM, and Llama.cpp lower the barrier to experimentation- Expensive hardware helps, but it is not required to start learningSupply Chain & Prompt Injection- Model weights, plugins, skills, and MCP servers are all supply chain decisions- Local agents with shell access can turn prompt injection into local impact- “No provider guardrails” means you own the safety controls- Permissions, sandboxing, and audit logs matter more as the stack gets more autonomousPractical Starting Point- Pick one harness and go deep before chasing every new tool- Test real tasks, not toy demos- Compare hosted and local workflows honestly- Decide which layers you need to own before you need an emergency exit#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #OpenSourceAI #LocalLLM #AIAgents #SecOps #InfoSec #BHIS #AppSec #PromptInjection #SecurityArchitecture----------------------------------------------------------------------------------------------About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/(00:00) - Intro: Owning Your AI Stack (01:43) - Data Sovereignty, Token Sovereignty & Terms Risk (03:38) - Provider Inspection, Prompt Data & Business Exposure (08:09) - Where the Guardrails Live: Model, Harness, or API (12:12) - Open Weights, Frontier Providers & the Innovation Race (14:53) - Local Models, Open Harnesses & Real Hardware Tradeoffs (24:24) - Self-Hosting Reality: VLLM, Ollama, VPNs & Maintenance (31:25) - Getting Started: Pick a Harness and Run Real Tasks Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Derek Banks - Host Ethan Robish - Guest Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 37m 35s | ||||||
| 6/4/26 | ![]() AI Cost Saving Tips | Episode 55✨ | AI in SecOpscost control+3 | — | Black Hills Information Security | — | AI cost savingSecOps+3 | — | 29m 34s | |
| 6/1/26 | ![]() Is It the Model or the Harness? | Episode 54✨ | AI securitymodel vs harness+4 | — | Black Hills Information SecurityAI Security Ops | — | AI riskmodel behavior+5 | — | 20m 17s | |
| 5/22/26 | ![]() AI News | Episode 53✨ | AI securityvulnerabilities+4 | — | ClaudeGemini+2 | — | AI securityzero day+5 | — | 29m 24s | |
| 5/14/26 | ![]() Agent Pentest Benchmarking | Episode 52✨ | AI pentestingbenchmarking framework+3 | — | AutoPenBenchBlack Hills Information Security | — | AI securitypentesting+3 | — | 17m 32s | |
| 5/11/26 | ![]() AI and Bug Bounties | Episode 51✨ | AI-generated bug bountiescybersecurity+4 | — | cURLHackerOne+1 | — | AIbug bounty+7 | — | 13m 49s | |
| 5/1/26 | ![]() Vercel Breach | Episode 50✨ | cybersecuritydata breach+5 | — | RobloxContext.ai+3 | — | Vercel breachAI security+6 | — | 17m 46s | |
Want analysis for the episodes below?Free for Pro Submit a request, we'll have your selected episodes analyzed within an hour. Free, at no cost to you, for Pro users. | |||||||||
| 4/24/26 | ![]() Claude Mythos | Episode 49✨ | AI-powered cybersecurityvulnerability discovery+4 | — | Claude MythosAnthropic+1 | — | Claude MythosAI security+6 | — | 25m 40s | |
| 4/22/26 | ![]() Holocron OpenBrain with Alex Minster | Episode 48✨ | AI workflowspersistent memory+4 | Alex Minster | HOLOCRON OpenBrainBlack Hills Information Security+3 | Discord | AImemory layer+4 | — | 51m 08s | |
| 4/13/26 | ![]() LiteLLM Supply Chain Compromise | Episode 47✨ | supply chain compromiseAI security+4 | — | LiteLLMBlack Hills Information Security+2 | — | LiteLLMsupply chain attack+6 | — | 19m 32s | |
| 4/2/26 | ![]() Model Ablation | Episode 46✨ | model ablationAI security+5 | — | Black Hills Information SecurityModel Ablation | AI Security | model ablationAI security+6 | — | 18m 17s | |
| 3/26/26 | ![]() Embedding Space Attacks | Episode 45 | In this episode of BHIS Presents: AI Security Ops, the team explores embedding space attacks — a lesser-known but increasingly important threat in modern AI systems — and how attackers can manipulate the mathematical foundations of how models understand data.Unlike prompt injection, which targets instructions, embedding attacks operate at a deeper level by influencing how data is represented, retrieved, and interpreted inside vector spaces. By subtly altering embeddings or poisoning data sources, attackers can manipulate AI behavior without ever touching the model directly.Through a hands-on walkthrough of a custom notebook with rich visualizations, this episode breaks down how embeddings work, why they are critical to LLM-powered systems like RAG pipelines, and how attackers can exploit them in real-world scenarios.We dig into:- What embeddings are and how AI systems convert text into numerical representations- How vector spaces enable similarity search and retrieval in LLM applications- What embedding space attacks are and why they matter for AI security- How small perturbations in data can drastically change model behavior- The risks of poisoned data in RAG and vector databases- How attackers can influence search results and downstream AI outputs- Why these attacks are subtle, hard to detect, and often overlooked- The role of visualization in understanding embedding behavior- Real-world implications for AI-powered applications and workflows- Defensive considerations when building with embeddings and vector storesThis episode focuses on the foundational layer of AI systems, showing how security risks extend beyond prompts and into the underlying data representations that power modern AI.⸻📚 Key Concepts CoveredAI Foundations- Embeddings and vector representations- Similarity search and vector space reasoningAI Security Risks- Embedding space manipulation- Data poisoning in vector databases- Retrieval manipulation in RAG systemsApplications & Impact- LLM-powered search and assistants- AI pipelines using embeddings- Risks in production AI systems#AISecurity #Embeddings #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #InfoSecJoin the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhis(00:00) - Intro & Episode Overview (01:39) - What Are Embeddings? (AI Only Understands Numbers) (03:44) - The Embedding Process (Text → Vectors) (07:43) - Similarity, Classification & Vector Math (09:55) - Visualizing Embedding Space (2D Projection) (14:29) - Classifiers (15:39) - Playing Games with Information (18:06) - Attack Techniques: Synonyms & Context Manipulation (20:29) - Context Padding (27:10) - Collision Attacks, Defenses & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 33m 05s | ||||||
| 3/19/26 | ![]() Indirect Prompt Injection | Episode 44 | In this episode of BHIS Presents: AI Security Ops, the team breaks down indirect prompt injection — the #1 risk in the OWASP Top 10 for LLM Applications — and why it represents one of the most dangerous and misunderstood threats in modern AI systems.Unlike traditional attacks, indirect prompt injection doesn’t require malware, credentials, or even user interaction. Instead, attackers hide malicious instructions inside everyday content like emails, documents, or web pages — and wait for AI systems to unknowingly execute them.From real-world exploits like EchoLeak to in-the-wild attacks observed by Palo Alto Unit 42, this episode explores how attackers are already abusing AI-powered tools in production environments — and why current defenses are struggling to keep up.We dig into:• What indirect prompt injection is and how it differs from direct attacks• Why OWASP ranks prompt injection as the #1 LLM security risk• How attackers hide payloads inside emails, documents, and web content• The EchoLeak zero-click exploit against Microsoft 365 Copilot• Web-based prompt injection attacks observed in the wild (Unit 42)• Exploits targeting AI coding tools like Cursor IDE and GitHub Copilot• How RAG systems amplify the risk through poisoned knowledge bases• Why LLM architecture makes this problem fundamentally hard to solve• Research showing modern defenses still fail 50%+ of the time• Practical mitigation strategies: least privilege, human-in-the-loop, and observabilityThis episode focuses on the real-world security implications of AI adoption, showing how attackers are already leveraging these techniques — and what defenders need to understand as AI becomes deeply embedded in business workflows.⸻📚 Key ReferencesPrompt Injection & LLM Risk• OWASP Top 10 for LLM Applications 2025 — https://owasp.orgReal-World Attacks• EchoLeak (CVE-2025-32711) — Aim Security / arXiv• Unit 42 — Web-Based Indirect Prompt Injection in the Wild (March 2026) — https://unit42.paloaltonetworks.comAI System Vulnerabilities• Cursor IDE (CVE-2025-59944)• GitHub Copilot (CVE-2025-53773)• Lakera — Zero-Click MCP Attack — https://lakera.aiResearch on Defenses• Zhan et al. — Adaptive Attacks Break Defenses (NAACL 2025)• Anthropic System Card (Feb 2026)• Google Gemini Security Research (2025)Standards & Guidance• NIST AI Risk Management Framework — https://nist.gov• MITRE ATLAS — https://atlas.mitre.org• ISO/IEC 42001 AI Management Systems#AISecurity #PromptInjection #CyberSecurity #LLMSecurity #AIThreats #BHIS #AIAgents #ArtificialIntelligence #infosec (00:00) - Intro & BHIS / Antisyphon Overview (01:19) - OWASP Top 10 & Prompt Injection Context (01:41) - Indirect Prompt Injection Explained (Stored Attack Analogy) (02:54) - Real-World Attack Scenarios (Calendar & Hidden Payloads) (05:10) - EchoLeak & Zero-Click Copilot Exploit (06:10) - Weaponized Excel Prompt Injection PoC (06:50) - Email Injection & AI Summarization Abuse (09:07) - Why Detection & Prevention Are So Difficult (14:02) - Mitigations & Final Thoughts Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 16m 10s | ||||||
| 3/12/26 | ![]() Top AI Security Concerns | Episode 43 | In this episode of BHIS Presents: AI Security Ops, Bronwen Aker and Dr. Brian Fehrman break down some of the top AI security concerns being discussed by researchers, security firms, and government agencies this year.As AI capabilities rapidly expand, so does the attack surface. From agentic AI systems being used by attackers, to deepfakes at industrial scale, to the persistent challenge of prompt injection, security teams are trying to understand what risks are real, what’s hype, and where defenders should focus first.We dig into:- Why agentic AI is emerging as a major security concern- How attackers could weaponize autonomous agents to scale operations- The risk of malicious agent skills and AI supply chain attacks- Why overly broad permissions make agent-based systems dangerous- AI-assisted phishing campaigns and social engineering at scale- The rise of deepfakes and corporate fraud driven by generative AI- Why humans still struggle to reliably detect deepfake media- The economics of deepfake fraud and real-world incidents- Prompt injection attacks and why they remain difficult to solve- Whether future models may autonomously discover and exploit jailbreaksThis episode looks at the practical security implications of today’s AI ecosystem — where the biggest risks are coming from, how attackers may leverage AI systems, and what defenders should be thinking about as these technologies continue to evolve.📚 Key ReferencesAgentic AI Threats- CrowdStrike 2026 Global Threat Report — https://www.crowdstrike.com- IBM X-Force 2026 Threat Intelligence Index — https://www.ibm.com/security/x-force- Cisco State of AI Security 2026 — https://www.cisco.com/site/us/en/products/security/state-of-ai-security.html#tabs-9da71fbd27-item-1288c79d71-tabDeepfakes & AI-Driven Fraud- WEF Global Cybersecurity Outlook 2026 — https://www.weforum.org/publications/global-cybersecurity-outlook-2026/- International AI Safety Report 2026 — https://www.internationalaisafetyreport.orgAI Security & Infrastructure Risk- CISA Joint Guidance on AI in OT — https://www.cisa.gov/news-events/news/new-joint-guide-advances-secure-integration-artificial-intelligence-operational-technologyPrompt Injection & LLM Exploitation- Schneier et al., “The Promptware Kill Chain” — https://www.lawfaremedia.org/article/the-promptware-kill-chain- Palo Alto Unit 42 — “Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild”https://unit42.paloaltonetworks.com/indirect-prompt-injection-ai-agents/(00:00) - Intro & Episode Overview (02:18) - Agentic AI as a Security Threat (CrowdStrike 2026 Global Threat Report, IBM X-Force Index) (03:46) - Malicious Agent Skills & AI Supply Chain Attacks (Cisco State of AI Security) (04:58) - How Agent Skills Actually Work (07:47) - Permissions & Guardrails for AI Agents (CISA AI in OT Guidance) (09:57) - AI-Generated Phishing Campaigns (CrowdStrike / IBM Threat Reports) (13:58) - Deepfakes at Industrial Scale (WEF Global Cybersecurity Outlook) (15:38) - Corporate Fraud & Deepfake Incidents (International AI Safety Report) (17:21) - Why Humans Struggle to Detect Deepfakes (21:13) - Prompt Injection Attacks Explained (Schneier – Promptware Kill Chain) (24:35) - AI Models Jailbreaking Other Models (Palo Alto Unit 42 Research) (28:59) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Bronwen Aker - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 29m 11s | ||||||
| 3/6/26 | ![]() Claude Cowork Discussion | Episode 42 | We discuss the meaning of AI life In episode 42 of "BHIS Presents: AI Security Ops." Derek Banks is joined by Bronwen Aker and Brian Fehrman to break down Anthropic’s latest agentic desktop experiment: Claude Cowork.Claude Cowork brings large language models directly onto the endpoint — giving Claude the ability to read, write, and organize files on your local machine. It’s designed to make powerful AI workflows accessible to non-technical users… but as with any tool that operates at the OS level, the security implications are significant.We explore what happens when AI moves closer to your data, your filesystem, and your browser — and what that means for defenders.We dig into:- What Claude Cowork is and how it differs from Claude Code- Agentic desktop tools vs. command-line workflows- Local file access and OS-level interaction risks- Skills, automation, and task iteration- Chrome plugins and expanded attack surface- Overly broad permissions and least-privilege concerns- SaaS disruption and shifting trust boundaries- Endpoint monitoring challenges- The speed of AI releases vs. security review cycles- Balancing innovation with responsible deploymentThis conversation looks at the real-world operational and defensive considerations of agentic AI tools running directly on user systems. If you’re evaluating AI productivity tools inside your organization — or defending environments where they’re already being adopted — this episode will help you think through the risks and tradeoffs.(00:00) - Intro & Episode Overview (02:08) - What Is Claude Cowork? (04:03) - Desktop Agents vs. Command Line Users (06:12) - Agentic Workflows & Task Automation (08:08) - Building Fast with Claude (Speed of Development) (09:29) - Browser Plugins & Expanding Capabilities (11:06) - Permission Models & “Just Give It Access to Everything” (12:40) - SaaS Disruption & Enterprise Impact (14:38) - Overly Broad File Access Risks (16:27) - Organizational Disruption & Workforce Impact (18:09) - Security Lag vs. Rapid AI Releases (19:46) - Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Derek Banks - Host Bronwen Aker - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 21m 33s | ||||||
| 2/26/26 | ![]() OpenClaw and Moltbook with Guests Beau Bullock and Hayden Covington | Episode 41 | In this episode of BHIS Presents: AI Security Ops, we’re joined by Beau Bullock and Hayden Covington to unpack one of the most talked-about AI agent experiments in recent memory: OpenClaw and its companion platform, Moltbook.OpenClaw exploded onto the scene as an autonomous AI agent capable of operating Claude Code from the command line — executing tasks, monitoring output, and iterating with minimal human involvement. Shortly after, Moltbook emerged as a social platform designed specifically for AI agents to interact with one another.But as with most cutting-edge AI experiments, things moved fast… and broke fast.We dig into:What OpenClaw actually is and how it worksAI agents operating other AI systems (Claude Code in the loop)The concept of “skills” and extending agent capabilitiesThe one-click RCE vulnerability discovered shortly after releaseMoltbook as a social network for AI agentsAPI keys, agent-only access, and how humans bypassed itBeacons, autonomy, and what “control” really meansWhere the line is between automation and true autonomyShort-term workforce impacts vs. long-term AI riskThis conversation moves beyond hype into the practical and security implications of rapidly deployed autonomous agents. If you’re experimenting with AI agents — or defending against them — this episode will give you a grounded perspective on what’s possible today, what’s fragile, and what’s coming next.(00:00) - Intro & Guest Welcome (01:38) - AI Agents in the News (03:23) - From “Moltbot” to OpenClaw (04:13) - What Is OpenClaw? How It Works (05:13) - Claude Code + Agent-in-the-Middle Model (07:36) - Extending OpenClaw with Skills (08:42) - Release Timeline & Rapid Adoption (10:16) - One-Click RCE in OpenClaw (11:45) - Introducing Moltbook (AI Social Network) (14:03) - How Moltbook Actually Worked (17:55) - “I Am a Robot” & Agent Authentication (20:28) - Beaconing & Operational Behavior (26:44) - Automation vs. True Autonomy (27:26) - Control, Kill Switches & Agent Boundaries (30:59) - Workforce Impact & Near-Term Concerns (35:34) - AI Apocalypse? Final Thoughts & Wrap-Up Click here to watch this episode on YouTube. Creators & Guests Beau Bullock - Guest Hayden Covington - Guest Derek Banks - Host Brian Fehrman - Host Bronwen Aker - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 36m 00s | ||||||
| 2/20/26 | ![]() AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40 | AI in the SOC: Interview with Hayden Covington and Ethan Robish from the BHIS SOC | Episode 40In this episode of BHIS Presents: AI Security Ops, we sit down with Hayden Covington and Ethan Robish from the BHIS Security Operations Center (SOC) to explore how AI is actually being used in modern defensive operations.From foundational machine learning techniques like statistical baselining and clustering to large language models assisting with alert triage and reporting, we dig into what works, what doesn’t, and what SOC teams should realistically expect from AI today.We break down:- How AI helps reduce alert fatigue and improve triage- Practical automation inside a real-world SOC- The difference between traditional ML approaches and LLM-powered workflows- Foundational techniques like K-means, anomaly detection, and behavioral baselining- Using LLMs for enrichment, investigation, and report drafting- Where AI struggles: hallucinations, inconsistency, and edge cases- Risks around over-trusting AI in security operations- How to responsibly integrate AI into analyst workflowsThis episode is grounded in real operational experience—not vendor demos. If you’re running a SOC, building AI tooling, or just trying to separate hype from reality, this conversation will help you think clearly about augmentation vs. automation in defensive security.(00:00) - Intro & Guest Introductions (04:44) - Alert Triage & SOC Pain Points (06:04) - Automation Inside the SOC (09:59) - “Boring AI”: Clustering, Baselining & Statistics (17:06) - AI-Assisted Reporting & Client Communication (18:34) - Limitations, Edge Cases & Model Risk (22:56) - Hallucinations & Inconsistent Outputs (25:04) - AI Demos vs. Real-World Security Work (28:35) - Final Thoughts & Closing Click here to watch this episode on YouTube. Creators & Guests Hayden Covington - Guest Ethan Robish - Guest Bronwen Aker - Host Derek Banks - Host Brian Fehrman - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com | 29m 28s | ||||||
| 2/12/26 | ![]() AI News | Episode 39 | AI News | Episode 39In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure.We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now.Chapters:00:00 – Introduction and SponsorsBlack Hills Information Security - https://www.blackhillsinfosec.com/Antisyphon Training - https://www.antisyphontraining.com/01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)Discussion begins as the hosts introduce the first story.How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)Conversation shifts to agent privilege management and governance failures.👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html10:07 – NIST Focus on Securing AI Agents in Critical InfrastructureDiscussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c13:44 – Tenable One AI ExposureBreaking down Tenable’s push into enterprise AI usage visibility and exposure management.👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scaleJoin the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security. https://discord.gg/bhisChapters(00:00) - Introduction and Sponsors (01:08) - LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto) (10:07) - NIST Focus on Securing AI Agents in Critical Infrastructure (13:44) - Tenable One AI Exposure Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Click here to watch this episode on YouTube. ----------------------------------------------------------------------------------------------About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 18m 08s | ||||||
| 2/5/26 | ![]() Questions From the Community | Episode 38 | Click here to watch this episode on YouTube. Creators & Guests Brian Fehrman - Host Joff Thyer - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com Click here to view the episode transcript. | 16m 35s | ||||||
| 1/30/26 | ![]() A.I. Frameworks and Databases | Episode 37 | In Episode 37 of AI Security Ops, the team breaks down the most important AI security frameworks and vulnerability databases used to track risks in machine learning and large language models. The discussion covers emerging AI vulnerability databases, the OWASP Top 10 for LLMs, CVE challenges, and frameworks like MITRE ATLAS, highlighting why standardizing AI threats is still difficult. This episode is a practical guide for security professionals looking to stay ahead of AI vulnerabilities, attack techniques, and defensive resources in a fast-moving landscape.Chapters(00:00) - Episode 37 – AI Frameworks & Databases (01:39) - A.I. vulnerability tracking is still young (02:44) - Should A.I. get its own vulnerability database? (07:33) - The benefit of multiple vulnerability databases (15:58) - The what is the definition of a vulnerability? (17:54) - Final Thoughts Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com | 18m 50s | ||||||
| 1/22/26 | ![]() AI News Stories | Episode 36 | This week on AI Security Ops, the team breaks down how attackers are weaponizing AI and the tools around it: a critical n8n zero-day that can lead to unauthenticated remote code execution, prompt-injection “zombie agent” risks tied to ChatGPT memory, a zero-click-style indirect prompt injection scenario via email/URLs, and malicious Chrome extensions caught siphoning ChatGPT/DeepSeek chats at scale. They close with a reminder that the tactics are often “same old security problems,” just amplified by AI—so lock down orchestration, limit browser extensions, and keep sensitive data out of chat tools.Key stories discussed1) n8n (“n-eight-n”) zero-day → unauthenticated RCE riskhttps://thehackernews.com/2026/01/critical-n8n-vulnerability-cvss-100.htmlThe hosts discuss a critical flaw in the n8n workflow automation platform where a workflow-parsing HTTP endpoint can be abused (via a crafted JSON payload) to achieve remote code execution as the n8n service account. Because automation/orchestration platforms often have broad internal access, one compromise can cascade quickly across an organization’s automation layer. ai-news-stories-episode-36Practical takeaway: don’t expose orchestration platforms directly to the internet; restrict who/what can talk to them; treat these “glue” systems as high-impact targets and assess them like any other production system. ai-news-stories-episode-362) “Zombie agent” prompt injection via ChatGPT Memoryhttps://www.darkreading.com/endpoint-security/chatgpt-memory-feature-prompt-injectionThe team talks about research describing an exploit that stores malicious instructions in long-term memory, then later triggers them with a benign prompt—leading to potential data leakage or unsafe tool actions if the model has integrations. The discussion frames this as “stored XSS vibes,” but harder to solve because the “feature” (following instructions/context) is also the root problem. ai-news-stories-episode-36User-side mitigation themes: consider disabling memory, keep chats cleaned up, and avoid putting sensitive data into chat tools—especially when agents/tools are involved. ai-news-stories-episode-363) “Zero-click” agentic abuse via crafted email/URL (indirect prompt injection)https://www.infosecurity-magazine.com/news/new-zeroclick-attack-chatgpt/Another story describes a crafted URL delivered via email that could trigger an agentic workflow (e.g., email summarization / agent actions) to export chat logs without explicit user interaction. The hosts largely interpret this as indirect prompt injection—a pattern they expect to keep seeing as assistants gain more connectivity. ai-news-stories-episode-36Key point: even if the exact implementation varies, auto-processing untrusted content (like email) is a persistent risk when the model can take actions or access history. ai-news-stories-episode-364) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (900k users)https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.htmlTwo Chrome extensions posing as AI productivity tools reportedly injected JavaScript into AI web UIs, scraped chat text from the DOM, and exfiltrated it—highlighting ongoing extension supply-chain risk and the reality that “approved store” doesn’t mean safe. ai-news-stories-episode-36Advice echoed: minimize extensions, separate browsers/profiles for sensitive activities, and treat “AI sidebar” tools with extra skepticism. ai-news-stories-episode-365) APT28 credential phishing updated with AI-written lureshttps://thehackernews.com/2026/01/russian-apt28-runs-credential-stealing.htmlThe closing story is a familiar APT pattern—phishing emails with malicious Office docs leading to PowerShell loaders and credential theft—except the lure text is AI-generated, making it more consistent/convincing (and harder for users to spot via grammar/tone). ai-news-stories-episode-36The conversation stresses that “don’t click links” guidance is oversimplified; verification and layered controls matter (e.g., disabling macros org-wide). ai-news-stories-episode-36Chapter Timestamps(00:00) - Intro & Sponsors (01:16) - 1) n8n zero-day → unauthenticated RCE (09:00) - 2) “Zombie agent” prompt injection via ChatGPT Memory (19:52) - 3) “Zero-click” style agent abuse via crafted email/URL (indirect prompt injection) (23:41) - 4) Malicious Chrome extensions stealing ChatGPT/DeepSeek chats (~900k users) (29:59) - 5) APT28 phishing refreshed with AI-written lures (34:15) - Closing thoughts: “AI genie is out of the bottle” + safety reminders Click here to watch a video of this episode. Creators & Guests Brian Fehrman - Host Bronwen Aker - Host Derek Banks - Host Brought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com🔗 Register for FREE Infosec Webcasts, Anti-casts & Summitshttps://poweredbybhis.com | 35m 16s | ||||||
| 1/8/26 | ![]() 2026 Predictions | Episode 35 | AI Security Ops | Episode 35 – 2026 PredictionsIn this episode, the BHIS panel looks into the crystal ball and shares bold predictions for AI in 2026—from energy constraints and drug development breakthroughs to agentic AI risks and cybersecurity threats.Chapters(00:00) - Intro & Sponsor Shoutouts (01:14) - Prediction: Grid Power Becomes the Bottleneck (10:27) - Prediction: FDA Qualifies AI Drug Development Tools (15:45) - Prediction: Nation-State Threat Actors Weaponize AI (17:33) - Prediction: Agentic AI Dominates App Development (23:07) - Closing Thoughts: Jobs, Risk & Opportunity 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com----------------------------------------------------------------------------------------------Joff Thyer - https://blackhillsinfosec.com/team/joff-thyer/Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/Bronwen Aker - http://blackhillsinfosec.com/team/bronwen-aker/Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/ | 24m 50s | ||||||
Showing 25 of 60
Pitch Fit is a Pro feature
See how bookable this show is for guests, which brands already advertise, the per-episode ad value, and the best-fit guest and sponsor profile. The numbers are blurred on the free plan.
How readily this show books outside guests like you.
How proven this show is for host-read sponsorships.
For Guests
ProFor Advertisers
ProUpgrade to Pro to unlock guest cadence, sponsor categories, fit scores, and per-episode ad value for this show.
























