• Jay Beale on Kubernetes, DEF CON, and AI Attack Paths
    Jun 29 2026

    This week on Shared Security, Tom and Kevin sit down with Jay Beale — founder of InGuardians, long-time Black Hat trainer, creator/contributor behind Kubernetes security training, and part of the team behind the DEF CON Kubernetes CTF. Jay shares stories from decades of offensive security work, including the time Tom hired him for a physical penetration test and Jay somehow ended up inside a call center instead of stuck in the lobby. The crew also digs into what makes good security training, why Kubernetes is such a natural platform for both defenders and attackers to understand deeply, and how the DEF CON Kubernetes CTF is designed to be welcoming for both competitors and learners. The episode closes with a practical look at AI infrastructure risk. Jay explains how production AI stacks running on Kubernetes can be attacked like any other cluster — and how modifying a vector database behind a RAG system can turn indirect prompt injection into a persistent, high-impact attack path.

    ** Links mentioned on the show **

    Jay's Black Hat USA Course: Agentic AI-aided Kubernetes Attack and Defense
    https://blackhat.com/us-26/training/schedule/index.html?day=4daysattue#agentic-ai-aided-kubernetes-attack-and-defense-51318

    Jay Beale on LinkedIn
    https://www.linkedin.com/in/jaybeale/

    InGuardians
    https://www.inguardians.com/

    DEF CON
    https://defcon.org/


    ** Watch this episode on YouTube **

    https://youtu.be/aMHk62dprDA

    ** Become a Shared Security Supporter **

    Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel's membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join

    ** Thank you to our sponsors! **

    SLNT

    Visit slnt.com to check out SLNT's amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code "sharedsecurity".


    ** Subscribe and follow the podcast **

    Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
    Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
    Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
    Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
    Visit our website: https://sharedsecurity.net
    Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
    Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
    Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
    Contact us: https://sharedsecurity.net/contact

    38 Min.
  • Can the Government Shut Down Frontier AI Overnight?
    Jun 22 2026
    The U.S. government reportedly ordered Anthropic to suspend access to two of its newest frontier AI models, Fable 5 and Mythos 5, citing national security concerns tied to a possible jailbreak. Anthropic complied, but pushed back on the reasoning, arguing that the reported behavior was narrow and that similar capabilities already exist in other advanced AI models.

    In this episode, Tom, Scott, and Kevin discuss why treating AI capabilities like export-controlled technology may create more problems than it solves. The conversation connects today’s AI restrictions to earlier fights over encryption export controls, hacker tools, and government attempts to regulate technical capability by banning access. The bigger concern: defenders may lose access to tools that help them find, fix, and test vulnerable code while attackers simply move to other models or providers.

    The team also looks at what this means for businesses using cloud-based AI tools. If an AI service can disappear because of a government order, vendor decision, or geopolitical restriction, security and engineering teams need alternatives, back-out plans, and a realistic “ripcord” strategy for mission-critical workflows.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    Anthropic statement: Fable/Mythos access
    https://www.anthropic.com/news/fable-mythos-access

    Reuters: US blocks foreign access to Anthropic's most advanced AI models
    https://www.reuters.com/technology/us-blocks-foreign-access-anthropics-most-advanced-ai-models-axios-reports-2026-06-13/

    Decrypt: US Government Orders Anthropic to Pull Claude Fable/Mythos AI Models
    https://decrypt.co/371027/us-government-orders-anthropic-pull-claude-fable-mythos-ai-models

    Katie Moussouris / Luta Security: The Fable 5 Export Controls Harm US Cyber Defense
    https://www.lutasecurity.com/post/the-fable-5-export-controls-harm-us-cyber-defense

    ** Watch this episode on YouTube **

    https://youtu.be/Y62TlfnVtRg
    19 Min.
  • Guarding AI Agents: Boundaries and Safeguards
    Jun 15 2026

    AI agents are useful, but they become risky when they can take action in real systems. In this episode, Tom Eston discusses recent reporting about attackers tricking Meta’s AI support chatbot into helping hijack Instagram accounts, and why that story matters far beyond social media. Tom explains practical guardrails for AI agents: read-only access first, human approval for consequential actions, separated accounts and contexts, prompt-injection awareness, least privilege, logging, monitoring, and adversarial testing for support and account recovery workflows.


    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.


    ** Links mentioned on the show **

    Podcast: Hackers Asked Meta AI To Let Them In. It Worked
    https://www.404media.co/podcast-hackers-asked-meta-ai-to-let-them-in-it-worked/

    The Verge summary of the Meta/Instagram AI support chatbot exploit
    https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked

    ** Watch this episode on YouTube **
    https://youtu.be/TL3MGnI4hUU

    11 Min.
  • Mobile Application Security: What Every Organization Needs to Know
    Jun 10 2026

    Mobile apps are now deeply connected platforms for identities, payments, sessions, APIs, healthcare, retail, gaming, and cloud services. In this special episode, Tom Eston talks with Joel Destefano, Senior Product Manager at Guardsquare, about the modern mobile app threat landscape and why organizations can’t treat mobile security as an afterthought.

    Topics include runtime manipulation, API abuse, account takeover, fake apps, overlays, malware-assisted fraud, reverse engineering, iOS vs Android risk, AI-assisted attacks, and why backend-only security is not enough.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    Find out more about Guardsquare
    https://www.guardsquare.com/

    Guardsquare’s Blog and Research Center
    https://www.guardsquare.com/blog
    https://www.guardsquare.com/mobile-app-security-research-center/welcome

    OWASP Mobile Application Security
    https://owasp.org/www-project-mobile-app-security/

    OWASP MASVS
    https://mas.owasp.org/MASVS/

    32 Min.
  • Microsoft Threatens Legal Action Over Exploit Disclosure
    Jun 8 2026
    Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare Eclipse controversy, the history of full disclosure, bug bounty incentives, and why legal threats against researchers may ultimately hurt customers. They also explain why researchers still need to follow responsible processes — and why vendors need to avoid punishing the people who help make their products safer.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    The Verge: Microsoft is threatening legal action for disclosing exploits
    https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability

    Microsoft MSRC Blog: A shared responsibility: Protecting customers through coordinated vulnerability disclosure
    https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure

    Kevin Beaumont / DoublePulsar: Microsoft’s stance on zero day exploits is a dumpster fire of their own making
    https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4
    17 Min.
  • Apple Finally Fixes One of Texting’s Biggest Security Problems
    Jun 1 2026

    Apple and Google are finally bringing end-to-end encrypted RCS messaging to iPhone and Android chats. In this episode, Tom Eston and Kevin Tackett explain why that matters, why insecure SMS is not going away anytime soon, and why Signal is still the better choice for truly sensitive conversations. They also revisit the green bubble versus blue bubble debate, platform trust issues, and what everyday users should understand before assuming every text message is private.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
    https://www.eff.org/deeplinks/2026/05/victory-end-end-encrypted-rcs-comes-apple-and-android-chats

    ‘Blue Bubbles’—Apple Says iPhone Messaging Is Still ‘Best’
    https://www.forbes.com/sites/zakdoffman/2026/05/26/blue-bubbles-apple-says-iphone-messaging-is-still-best/

    End-to-end encrypted RCS messaging begins rolling out today in beta
    https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/

    15 Min.
  • Should AI Have Access to Your Financial Life?
    May 25 2026

    OpenAI is now allowing some ChatGPT users to connect their bank accounts and financial data directly to the platform. In this episode, we discuss the technology behind the feature, the convenience it promises, and the serious privacy and security questions it raises.

    From AI-generated budgeting advice to the risks of centralized financial profiling, we examine what happens when conversational AI gains visibility into your spending habits, debts, subscriptions, and financial goals.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    ChatGPT Can Now Connect to Your Bank Account and See All Your Transactions
    https://gizmodo.com/chatgpt-can-now-connect-to-your-bank-account-and-see-all-your-transactions-2000759306

    25 Min.
  • Cybersecurity Lessons from the Canvas Data Breach
    May 18 2026

    In this episode we discuss the recent cyber attack targeting Instructure’s widely used learning platform, Canvas, and the major late-breaking development that Instructure reached an “agreement” with the ShinyHunters cybercriminal group after threats to leak large amounts of stolen student and faculty data. Instructure says the stolen data was returned and that attackers provided digital confirmation that the information was destroyed, but the company did not deny making a payment—language that many in cybersecurity interpret as a ransom settlement.

    Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

    ** Links mentioned on the show **

    Cyberattack on Canvas system causes chaos for students at thousands of schools
    https://apnews.com/article/cyberattack-schools-canvas-instructure-shinyhunters-a0d7719689263e6b5f90d0e633391b5b

    Instructure strikes agreement with hackers after Canvas breach hits Duke, thousands of other schools
    https://www.dukechronicle.com/article/duke-university-instructure-reaches-agreement-with-canvas-hackers-shinyhunters-cyberattack-leak-down-stolen-data-ransom-20260512

    17 Min.