Security Intelligence

Why does it cost so much more to get hacked in the United States than anywhere else in the world? In this special bonus episode of Security Intelligence, we sit down with Michelle Alvarez, Manager of Strategic Threat Analysis at IBM X-Force, for a deep dive into IBM’s 2025 Cost of a Data Breach report—and one of its most surprising findings: global breach costs are falling, but US breach costs just hit a record high. What’s driving the gap? In this episode, we unpack: Why faster detection and containment are lowering breach costs globally Why shadow AI is quietly increasing breach risk and driving up response costs Why regulatory fines, global operations and organizational scale hit US companies especially hard And how supply chain breaches, cloud complexity and shadow IT amplify the damage We also explore a critical inflection point ahead: AI isn’t a major attack target yet—but once adoption crosses key market concentration thresholds, attackers will follow the ROI. All that and more on Security Intelligence The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence Read the Cost of a Data Breach report: https://ibm.biz/BdbkLt

Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence In this special year-end episode of Security Intelligence, we reflect on 2025, a year of new attack methods (ClickFix), new vulnerabilities (vibecoding) and new worries on the horizon (shadow agents). From hijacked AI agents to massive supply chain breaches, 2025 forced security leaders to confront a sobering reality: trust might just be our biggest attack surface. Join hosts Matt Kosinski and Patrick Austin for a jam-packed look back at the biggest cybersecurity trends and cyberattacks of 2025, the lessons we can learn from them and what the road ahead looks like. Featuring: 00:00 – Introduction4:10 – AI and data security with Michelle Alvarez and Jeff Crume 22:42 – Biggest cyberattacks of 2025 with Dave Bales and Nick Bradley 38:18 – Major lessons, innovations and failures of cybersecurity in 2025 with Suja Viswesan and Sridhar Muppidi All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security

AI browsers are neat—but are they more trouble than they’re worth? In this episode of Security Intelligence, Austin Zeizel, Evelyn Anderson and Ryan Anschutz discuss Gartner’s recent advisory warning organizations to ban AI browsers from the workplace for the time being. Is there anything we can do to make them safe enough to use? And that leads to a broader conversation about the relationship between AI model providers and the cybersecurity community. In the wake of some high-profile attacks using AI models—like the spy ring Anthropic busted—cybersecurity pros are split on whether AI vendors are pulling their weight in threat intel circles. This one has it all: spam bombing, social engineering and malicious virtual machines. All that and more on Security Intelligence. 00:00 – Introduction 01:14 -- Gartner: No AI browsers at work 13:38 -- Should AI vendors share threat intel? 23:11 -- MITRE’s top 25 most dangerous software flaws 33:15 -- Are social logins safe? 41:54 -- Bring-your-own-VM attacks The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Learn more about cybersecurity → https://www.ibm.com/think/security

Just how big a deal is React2Shell? Depending on who you ask, it’s either a Log4Shell-level event or just another average, everyday application security vulnerability. Patch and move on. This week, on Security Intelligence, panelists Sridhar Muppidi, Claire Nuñez and Ian Molloy weigh in on the contentious debate React2Shell has sparked. However it shakes out, one thing is for sure: The response to this vulnerability has been anything but typical. We also dive into: 13:01 -- Whether malicious LLMs like WormGPT live up to the hype 23:40 -- How hackers can lock you out of your Gmail account by changing your age 34:09 -- What happens when two different threat actors attack you at the same time 42:37 -- Why cybersecurity pros should care about solar radiation grounding 6,000 flights All that and more on Security Intelligence. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Explore the podcast → https://www.ibm.com/think/podcasts/security-intelligence Subscribe for AI and security updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120