Cyberside Chats: Cybersecurity Insights from the Experts

It took nine seconds for an AI coding agent to wipe the entire production database of PocketOS — a SaaS company serving hundreds of car rental operators across the US — along with every backup. Customers showed up Saturday morning to pick up their cars and there were no reservations on file. In this episode, Sherri Davidoff and Matt Durrin dig into the cascading security failures behind the PocketOS incident, connect it to a pattern of similar AI-caused outages at Replit and Amazon AWS, and explain why the real problem isn't rogue AI — it's identity. Every one of these incidents involved an AI agent acting under an identity it shouldn't have had, or that was far too powerful. The insider risk playbook applies. We just haven't been applying it to AI. Key Takeaways 1. Treat AI agents like privileged insiders, not trusted tools. Apply your full insider risk playbook: least privilege, separation of duties, peer review, monitoring for anomalous behavior. If a human developer needs approval to push to production, so does your AI agent. The PocketOS and Kiro incidents both trace back to AI agents that were granted more trust than any new employee would get on day one. 2. Scope every credential your AI tools can reach. AI agents will find and use any token they can read — even ones created for unrelated tasks, stored in unrelated files. Audit what credentials live in your codebases and repositories. A token created for domain management should not be able to delete databases. If you wouldn't hand that token to a contractor with no supervision, don't let your AI agent have it either. 3. Enforce controls at the infrastructure layer, not the prompt layer. System prompts are advisory. The PocketOS agent had explicit rules against destructive actions — it knew them, quoted them, and violated them anyway. Confirmation requirements for destructive operations, token scoping, and peer review must live in your API layer and infrastructure, not in a paragraph of text the model is asked to obey. 4. Make sure your backups can survive a compromised identity. If your backups are accessible with the same credentials as your production systems — or stored in the same location — they are not real backups. They are a copy in the same blast radius. Test it: could an AI agent, or an attacker, with production access also wipe your recovery options? In the PocketOS incident, the answer was yes. 5. You cannot fully audit your AI vendor's safety claims. You can't penetration-test a reward signal. You can't verify that fine-tuning data isn't quietly drifting your model's behavior. The only controls you can actually rely on are the ones you own: token scoping, access controls, peer review, and monitoring. The goblin story is a reminder that even the vendor that built the model didn't see it coming. Build your defenses accordingly. Resources 1. PocketOS incident write-up by founder Jer Crane — https://x.com/lifeof_jer/status/2048103471019434248 Amazon Kiro / AWS outage reporting — https://kingy.ai/news/amazon-ai-aws-outage-kiro/ 2. Replit AI agent database deletion (Fortune) — https://fortune.com/2025/07/23/ai-coding-tool-replit-wiped-database-called-it-a-catastrophic-failure/ 3. OpenAI "Where the goblins came from" post-mortem — https://openai.com/blog/where-the-goblins-came-from 4. Guardian reporting on Amazon cloud outages and AI tools — https://www.theguardian.com/technology/2026/feb/20/amazon-cloud-outages-ai-tools-amazon-web-services-aws

AI is no longer a standalone tool—it is embedded directly into productivity platforms, collaboration systems, analytics workflows, and customer-facing applications. In this special CyberSide Chats episode, Sherri Davidoff and Matt Durrin break down why lack of visibility and control over AI has emerged as the first and most pressing top threat of 2026. Using real-world examples like the EchoLeak zero-click vulnerability in Microsoft 365 Copilot, the discussion highlights how AI can inherit broad, legitimate access to enterprise data while operating outside traditional security controls. These risks often generate no alerts, no indicators of compromise, and no obvious “incident” until sensitive data has already been exposed or misused. Listeners will walk away with a practical framework for understanding where AI risk hides inside modern environments—and concrete steps security and IT teams can take to centralize AI usage, regain visibility, govern access, and apply long-standing security principles to this rapidly evolving attack surface. Key Takeaways 1. Centralize AI usage across the organization. Require a clear, centralized process for approving AI tools and enabling new AI features, including those embedded in existing SaaS platforms. 2. Gain visibility into AI access and data flows. Inventory which AI tools, agents, and features are in use, which users interact with them, and what data sources they can access or influence. 3. Restrict and govern AI usage based on data sensitivity. Align AI permissions with data classification, restrict use for regulated or highly sensitive data sets, and integrate AI considerations into vendor risk management. 4. Apply the principle of least privilege to AI systems. Treat AI like any other privileged entity by limiting access to only what is necessary and reducing blast radius if credentials or models are misused. 5. Evaluate technical controls designed for AI security. Consider emerging solutions such as AI gateways that provide enforcement, logging, and observability for prompts, responses, and model access. Resources 1. Microsoft Digital Defense Report 2025 https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2025 2. NIST AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework 3. Microsoft 365 Copilot Zero-Click AI Vulnerability (EchoLeak) https://www.infosecurity-magazine.com/news/microsoft-365-copilot-zeroclick-ai/ 4. Adapting to AI Risks: Essential Cybersecurity Program Updates. https://www.LMGsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates/ 5. Microsoft on Agentic AI and Embedded Automation (2026) https://news.microsoft.com/source/2026/01/08/microsoft-propels-retail-forward-with-agentic-ai-capabilities-that-power-intelligent-automation-for-every-retail-function/

The FTC has issued an order against General Motors for collecting and selling drivers’ precise location and behavior data, gathered every few seconds and marketed as a safety feature. That data was sold into insurance ecosystems and used to influence pricing and coverage decisions — a clear reminder that how organizations collect, retain, and share data now carries direct security, regulatory, and financial risk. In this episode of Cyberside Chats, we explain why the GM case matters to CISOs, cybersecurity leaders, and IT teams everywhere. Data proliferation doesn’t just create privacy exposure; it creates systemic risk that fuels identity abuse, authentication bypass, fake job applications, and deepfake campaigns across organizations. The message is simple: data is hazardous material, and minimizing it is now a core part of cybersecurity strategy. Key Takeaways: 1. Prioritize data inventory and mapping in 2026 You cannot assess risk, select controls, or meet regulatory obligations without knowing what data you have, where it lives, how it flows, and why it is retained. 2. Reduce data to reduce risk Data minimization is a security control that lowers breach impact, compliance burden, and long-term cost. 3. Expect that regulators care about data use, not just breaches Enforcement increasingly targets over-collection, secondary use, sharing, and retention even when no breach occurs. 4. Create and actively use a data classification policy Classification drives retention, access controls, monitoring, and protection aligned to data value and regulatory exposure. 5. Design identity and recovery assuming personal data is already compromised Build authentication and recovery flows that do not rely on the secrecy of SSNs, dates of birth, addresses, or other static personal data. 6. Train teams on data handling, not just security tools Ensure engineers, IT staff, and business teams understand what data can be collected, how long it can be retained, where it may be stored, and how it can be shared. Resources: 1. California Privacy Protection Agency — Delete Request and Opt-Out Platform (DROP) https://privacy.ca.gov/drop/ 2. FTC Press Release — FTC Takes Action Against General Motors for Sharing Drivers’ Precise Location and Driving Behavior Data https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-takes-action-against-general-motors-sharing-drivers-precise-location-driving-behavior-data 3. California Delete Act (SB 362) — Overview https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362 4. Texas Attorney General — Data Privacy Enforcement Actions https://www.texasattorneygeneral.gov/news/releases 5. Data Breaches by Sherri Davidoff https://www.amazon.com/Data-Breaches-Opportunity-Sherri-Davidoff/dp/0134506782

The December release of the Epstein files wasn’t just controversial—it exposed a set of security problems organizations face every day. Documents that appeared heavily redacted weren’t always properly sanitized. Some files were pulled and reissued, drawing even more attention. And as interest surged, attackers quickly stepped in, distributing malware and phishing sites disguised as “Epstein archives.” In this episode of Cyberside Chats, we use the Epstein files as a real-world case study to explore two sides of the same problem: how organizations can be confident they’re not releasing more data than intended, and how they can trust—or verify—the information they consume under pressure. We dig into redaction failures, how AI tools change the risk model, how attackers weaponize breaking news, and practical ways teams can authenticate data before reacting.

AI has supercharged phishing, deepfakes, and impersonation attacks—and 2025 proved that our trust systems aren’t built for this new reality. In this episode, Sherri and Matt break down the #1 change every security program needs in 2026: dramatically improving identity and authentication across the organization. We explore how AI blurred the lines between legitimate and malicious communication, why authentication can no longer stop at the login screen, and where organizations must start adding verification into everyday workflows—from IT support calls to executive requests and financial approvals. Plus, we discuss what “next-generation” user training looks like when employees can no longer rely on old phishing cues and must instead adopt identity-safety habits that AI can’t easily spoof. If you want to strengthen your security program for the year ahead, this is the episode to watch. Key Takeaways: Audit where internal conversations trigger action. Before adding controls, understand where trust actually matters—financial approvals, IT support, HR changes, executive requests—and treat those points as attack surfaces. Expand authentication into everyday workflows. Add verification to calls, video meetings, chats, approvals, and support interactions using known systems, codes, and out-of-band confirmation. Apply friction intentionally where mistakes are costly. Use verified communication features in collaboration platforms. Enable identity indicators, reporting features, and access restrictions in tools like Teams and Slack, and treat them as identity systems rather than just chat tools. Implement out-of-band push confirmation for high-risk requests. Authenticator-based confirmation defeats voice, video, and message impersonation because attackers rarely control multiple channels simultaneously. Move toward continuous identity validation. Identity should be reassessed as behavior and risk change, with step-up verification and session revocation for high-risk actions. Redesign training around identity safety. Teach employees how to verify people and requests, not just emails, and reward them for slowing down and confirming—even when it frustrates leadership. Tune in weekly on Tuesdays at 6:30 am ET for more cybersecurity advice, and visit www.LMGsecurity.com if you need help with cybersecurity testing, advisory services, or training. Resources: CFO.com – Deepfake CFO Scam Costs Engineering Firm $25 Million https://www.cfo.com/news/deepfake-cfo-hong-kong-25-million-fraud-cyber-crime/ Retool – MFA Isn’t MFA https://retool.com/blog/mfa-isnt-mfa Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/ Wired – Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data https://www.wired.com/story/doxers-posing-as-cops-are-tricking-big-tech-firms-into-sharing-peoples-private-data/ LMG Security – 5 New-ish Microsoft Security Features & What They Reveal About Today’s Threats https://www.lmgsecurity.com/5-new-ish-microsoft-security-features-what-they-reveal-about-todays-threats/

A massive 7-year espionage campaign hid in plain sight. Harmless Chrome and Edge extensions — wallpaper tools, tab managers, PDF converters — suddenly flipped into full surveillance implants, impacting more than 4.3 million users. In this episode, we break down how ShadyPanda built trust over years, then weaponized auto-updates to steal browsing history, authentication tokens, and even live session cookies. We’ll walk through the timeline, what data was stolen, why session hijacking makes this attack so dangerous, and the key steps security leaders must take now to prevent similar extension-based compromises. Key Takeaways Audit and restrict browser extensions across the organization. Inventory all extensions in use, remove unnecessary ones, and enforce an allowlist through enterprise browser controls. Treat extensions as part of your software supply chain. Extensions can flip from safe to malicious overnight. Include them in risk assessments and governance processes. Detect and mitigate session hijacking. Monitor for unusual token reuse, shorten token lifetimes where possible, and watch for logins that bypass MFA. Enforce enterprise browser security controls. Use Chrome/Edge enterprise features or MDM to lock down permissions, block unapproved installations, and enable safe browsing modes. Reduce extension sprawl with policy and training. Educate employees that extensions carry real security risk. Require justification for new installations and empower IT to remove unnecessary ones. Please tune in weekly for more cybersecurity advice, and visit www.LMGsecurity.com if you need help with your cybersecurity testing, advisory services, and training. Resources: KOI Intelligence (Original Research): https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign Malwarebytes Labs Coverage: https://www.malwarebytes.com/blog/news/2025/12/sleeper-browser-extensions-woke-up-as-spyware-on-4-million-devices Infosecurity Magazine Article: https://www.infosecurity-magazine.com/news/shadypanda-infects-43m-chrome-edge/ #ShadyPanda #browserextension #browsersecurity #cybersecurity #cyberaware #infosec #cyberattacks #ciso

From routers to office cameras to employee phones and even the servers running your network, Chinese-manufactured components are everywhere—including throughout your own organization. In this live Cyberside Chats, we’ll explore how deeply these devices are embedded in modern infrastructure and what that means for cybersecurity, procurement, and third-party risk. We’ll break down new government warnings about hidden communication modules, rogue firmware, and “ghost devices” in imported tech—and how even trusted brands may ship products with risky components. Most importantly, we’ll share what you can do right now to identify exposure, strengthen procurement and third-party risk management (TPRM) processes, and protect your organization before the next breach or regulation hits. Join us live for a 25-minute deep dive plus Q&A—and find out whether your supply chain is truly secure… or “Made in China—and Hacked Everywhere.” Key Takeaways: Require an Access Bill of Materials (ABOM) for every connected device. Ask vendors to disclose all remote access paths, cloud services, SIMs/radios, update servers, and subcontractors. This is the most effective way to catch hidden modems, undocumented connectivity, or offshore control channels before procurement. Treat hardware procurement with the same rigor as software supply chain risk. Routers, cameras, inverters, and vehicles must be vetted like software: know the origin of components, how firmware is managed, and who can control or modify the device. This mindset shift prevents accidental onboarding of hidden risks. Establish and enforce a simple connected-device procurement policy. Set clear rules: no undocumented connectivity, no unmanaged remote access, no end-of-life firmware in new buys, and mandatory security review for all "smart" devices. This helps buyers avoid risky equipment even when budgets are tight. Reduce exposure through segmentation and access restrictions. Before replacing anything, isolate high-risk devices, block unnecessary outbound traffic, and disable vendor remote access. These low-cost steps significantly reduce exposure while giving you time to plan longer-term changes. Strengthen third-party risk management (TPRM) for vendors of connected equipment. Expand TPRM reviews to cover firmware integrity, logging, hosting jurisdictions, remote access practices, and subcontractors. This ensures your vendor ecosystem doesn't introduce avoidable hardware-level vulnerabilities. References: Wall Street Journal (Nov 19, 2025) – “Can Chinese-Made Buses Be Hacked? Norway Drove One Down a Mine to Find Out.” (Chinese electric bus remote-disable and SIM access findings) U.S. House Select Committee on China & House Homeland Security Committee (Sept 2024 Report) – Port Crane Security Assessment. (Unauthorized modems, supply-chain backdoors, and ZPMC risk findings) FDA & CISA (Feb–Mar 2025) – Security Advisory: Contec CMS8000 Patient Monitor. (Backdoor enabling remote file execution and hidden network communications) Anthropic (Nov 13, 2025) – “Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign.” (China-linked AI-driven intrusion playbook and campaign analysis) LMG Security (2025) – “9 Tips to Streamline Your Vendor Risk Management Program.” https://www.lmgsecurity.com/9-tips-to-streamline-your-vendor-risk-management-program #chinesehackers #cybersecurity #infosec #LMGsecurity #ciso #TPRM #thirdpartyrisk #security

When thieves pulled off a lightning-fast heist at the Louvre on October 19, 2025, the world focused on the stolen jewels. But leaked audit reports soon revealed another story — one of weak passwords, legacy systems, and a decade of ignored warnings. In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin dig into the cybersecurity lessons behind the Louvre’s seven-minute robbery. They explore how outdated infrastructure, poor vendor oversight, and default credentials mirror the same risks plaguing modern organizations — from hospitals to banks. Listen as Sherri and Matt connect the dots between a world-famous museum and your own IT environment — and share practical steps to keep your organization from becoming the next headline. Key Takeaways Audit for weak and shared passwords. Regularly scan for shared, default, or vendor credentials. Replace them with strong, unique, role-based passwords and enforce MFA across administrative and vendor accounts. Conduct regular penetration tests and track remediation. Perform annual or semiannual pen tests that include internal movement and segmentation checks. Assign owners for every finding, set deadlines, and verify fixes. Vet and contractually bind third-party vendors. Require patching and OS update clauses in vendor contracts, and verify each vendor’s security practices through audits or reports such as SOC 2. Integrate IT and physical security. Coordinate teams so camera, badge, and alarm systems receive the same cybersecurity oversight as IT systems. Check for remote access exposure and outdated credentials. Plan for legacy system containment. Identify unsupported systems, isolate them on segmented networks, and add compensating controls. Build a phased replacement roadmap tied to budget and risk. Create a continuous audit and feedback loop. Assign clear ownership for all audit findings and track progress. Escalate unresolved risks to leadership to maintain visibility and accountability. Control your media communications. Limit access to sensitive reports and train staff to prevent leaks. Manage breach-related communications strategically to protect reputation and trust. Don't forget to follow us for weekly expert cybersecurity insights on today's threats. Resources Libération / CheckNews – “Louvre as a password, outdated software, impossible updates…” (Nov. 1, 2025) CNET – “You probably have a better password than the Louvre did — learn from its mistake.” (Nov. 2025) YouTube – Hank Green interviews Sherri Davidoff on the Louvre Heist LMG Security – “How Hackers Turned Cameras into Crypto Miners” (Scientific American) #louvreheist #cybersecurity #cyberaware #password #infosec #ciso