Security Intelligence

What happens when one of the world’s most popular AI coding tools falls into the wrong hands?

On this episode of Security Intelligence, Nick Bradley, Dave Bales and JR Rao discuss the Claude Code source code leak. Attackers are already using the opportunity to spread malware through fake repos, but the real question is how threat actors might use their newfound knowledge of Claude Code’s internals to wreak havoc on AI agents and the CI/CD pipeline.

Then, we follow up on our old friends TeamPCP, Shiny Hunters and Lapsus$, whose overlapping data breach claims are causing no small amount of confusion and consternation among security pros. We examine the credential rotation problem and the uneven security surface of modern supply chains that helped get us in this mess.

Plus: Threat intelligence usually focuses on attacks that did happen. But what if we started talking about the ones that didn’t? And do cybercriminals have anything to teach us about “mature” AI adoption? Some big names seem to think so.

All that and more on Security Intelligence.

Segments:

00:00 – Introduction
1:12 -- The Claude Code leak
11:19 -- TeamPCP’s breach spree
21:21 -- “Close-call” databases
29:28 -- Cybercrime and AI adoption

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Visit the Security Intelligence the podcast page → https://www.ibm.com/think/podcasts/security-intelligence

Explore to securely deploy and operate agentic AI workloads at runtime → https://ibm.webcasts.com/starthere.jsp?ei=1755597&tp_key=10f0b8919a&sti=inbound

Learn more about solving agentic AI identity and access gaps → https://www.hashicorp.com/en/blog/agentic-runtime-security-solving-agentic-ai-identity-and-access-gaps

LiteLLM is a nifty little Python library that gives you access to about 100 different AI services through one API. It gets an estimated 3.4 million downloads a day.

And last week, it was turned into a Trojan horse, distributing infostealers to hundreds of thousands of devices. (At least, that’s what TeamPCP says—the hackers behind the LiteLLM breach and a slew of other high-profile software supply chain attacks in recent weeks.)

Quote Andrej Karpathy: This is “basically the scariest thing imaginable in modern software.”

On this episode of Security Intelligence, Suja Viswesan, Dave McGinnis and Jeff Crume help us break down the LiteLLM breach and the broader campaign TeamPCP is waging.

We’re also joined by HashiCorp Field CTO Jake Lundberg in the first segment for a discussion of how organizations are trying—with varying degrees of success—to tackle the agentic AI problem.

AI agents are identities—but identities our existing frameworks weren’t built to house. Simply porting existing human and non-human identity management practices onto them won’t cut it.

But the question remains: What do we need instead?

All that and more on Security Intelligence.

Segments

00:00 -- Intro
1:13 -- Who will fix AI agent security?
21:17 -- RSAC 2026 Recap
29:31 -- 2026's most dangerous cyberattacks
40:45 -- The LiteLLM breach

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence

Most cybersecurity pros only run into cryptocurrency when they’re dealing with ransomware gangs demanding payouts in Bitcoin.

But what if crypto infrastructure were more than just a means of money laundering?

In this episode of IBM’s Security Intelligence podcast, X-Force threat intelligence consultant Austin Zeizel makes the case that blockchain — the decentralized ledger underlying many cryptocurrency systems — has powerful, largely untapped applications for cybersecurity. In fact, Austin makes a pretty convincing argument that blockchain could be the key to a genuinely zero trust architecture.

We also get into how cybercriminals actually exploit cryptocurrency — coin mixers, non-KYC exchanges, the pseudonymous nature of Bitcoin — and why understanding those mechanics matters for defenders.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform → https://www.ibm.com/think/podcasts/security-intelligence

Someone finally cracked the Xbox One after 13 years. Here’s why security pros should care.

On this episode of Security Intelligence, panelists Ian Molloy, Seth Glasgow and Kimmie Farrington discuss the Xbox One hack presented at RE//verse 2026. More than just a neat story of one hacker’s ingenuity, there are some important takeaways for practitioners here.

But before that, we get into promptware, a new model for understanding attacks on LLMs that goes beyond the basics of prompt injections. Formulated by a handful of prominent cybersecurity researchers, including Bruce Schneier, promptware urges defenders to start thinking about the full AI attack kill chain, not just the front door.

Then we dive into a new analysis of cloud attack trends from IBM X-Force's Omari Jones, which finds that cybercriminals are targeting cloud ecosystems rather than cloud infrastructure. How do we need to shift our own mindsets to counter this?

Meanwhile, Google Threat Intelligence Group and Coveware find ransomware gangs increasingly ditching their flashy external tools in favor of PowerShell and other built-in system utilities—making detection significantly harder.

And Chuck Everette's Dark Reading op-ed raises a question that doesn't get enough airtime: With everyone focused on cutting-edge AI tech, what about the downright ancient OT systems and PLCs that underpin large swaths of American critical infrastructure?

All that and more on Security Intelligence.

In this episode:

00:00 – Introduction
1:01 -- From prompt injection to promptware
11:15 -- Cloud security trends 2026
19:59 -- Ransomware attackers live off the land
28:53 -- OT security: cybersecurity’s “rusting edge”
34:41 -- The Xbox One hack

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Cloud attacks are evolving: What 2025 trends mean for defenders in 2026 → https://www.ibm.com/think/x-force/cloud-attacks-evolving-what-2025-trends-mean-defenders-2026

Listen to our latest episode, Can IAM handle AI? → https://www.ibm.com/think/podcasts/security-intelligence/ai-agent-access-problem-iam-handle-ai
Does your AI agent talk too much? It’s not just an annoying habit—it’s a security concern.

On this episode of Security Intelligence, Sridhar Muppidi, Claire Nuñez and Dave Bales join me to discuss Guardio’s research into “agentic blabbering,” and how attacks can use an agent’s reasoning process against it.

In experiments with the agentic Perplexity Comet browser, Guardio researchers were able to design foolproof phishing websites just by listening to agent’s running monologue as it traversed the web.

What does it mean for agentic security when sophisticated AI reasoning processes can be weaponized?

Then, we chat about Microsoft Azure CTO Mark Russinovich’s discovery that Claude Opus can reverse engineer 40-year-old (practically ancient, by software standards) code. Did AI just expand the attack surface to include every compiled binary ever written?

Plus: Contrast Security CISO David Lindner claims that shift left has failed. Dramatic increases in the exploitation go vulnerable code—confirmed by the IBM Threat Intelligence Index 2026, among many other reports—suggest he might be onto something. But is there more to the story?

And, finally, we dig into two new pieces of research from IBM X-Force: One about a new piece of AI-generated malware, and another about reframing how we think about authentication.

All that and more on Security Intelligence.

00:00 -- Introduction
1:19 -- Perplexity Comet’s “agentic blabbering”
13:06 -- AI resurrects old vulnerabilities
21:28 -- Did shift left fail?
30:05 -- AI slop and the post-auth perimeter

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Read more about “Slopoly” → https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks