Jerry Perullo, Sounil Yu, Mario Duarte
The Adversarial Podcast
Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.
Author
Jerry Perullo, Sounil Yu, Mario Duarte
Category
Podcast website
Latest episode
Jul 1, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
S4E21 - Travel Security, AI Defense Matrix, Startup Security 01.07.2026 1:06:33
In this episode, Jerry, Mario, and Sounil delve into cybersecurity challenges related to travel, threat models, AI security, and best practices for startups. They explore practical strategies for managing security risks in a rapidly evolving digital landscape, emphasizing the importance of threat modeling, secure coding, and organizational priorities. 00:00 Intro 01:55 Travel Restrictions and Secu...
S4E20 - AI Executive Order, Project Glasswing Expanding, Cybersecurity Workforce 09.06.2026 1:06:14
Promoting Advanced Artificial Intelligence Innovation and Security The White House EO pushes federal agencies toward AI-enabled cyber defense, frontier-model benchmarking, and a voluntary framework for trusted access to high-end AI systems. Expanding Project Glasswing Anthropic is widening Project Glasswing beyond its first cohort, giving more trusted security teams access to Claude Mythos Preview...
S4E19 – Canvas hacked, Cloudflare layoffs, GitHub CVE rundown 12.05.2026 1:09:12
Canvas hack strands university students during finals week . A Canvas cyberattack hit universities and K-12 schools during finals, locking students and teachers out of grades, assignments, lecture materials, and exams at the worst possible moment. Building for the future. Cloudflare says it is cutting more than 1,100 employees as it restructures around internal AI-driven workflows, even as the tim...
S4E18 – Mythos and TPRM, does SOC 2 really work? 28.04.2026 1:05:26
00:34 - Introduction 03:33 - Enterprise Challenges 07:08 - End User and Browsers 21:55 - Vulnerability Metrics 40:37 - Approaching Leadership 42:09 - TPRM Discussion 46:40 - Sharing Findings 01:03:04 - Conclusion Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150 Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150 Mozilla let Anthropic’s Mythos loose on...
S4E17 – Mythos, Delve's downfall, and supply chain attacks 23.04.2026 1:08:58
Project Glasswing ( https://www.anthropic.com/glasswing ) Anthropic is letting AWS, Apple, Google, Microsoft, JPMorgan, Cisco, NVIDIA, and friends point Claude Mythos at their shared attack surface while backing it with $100M in credits and $4M for OSS security groups so blue teams can burn down latent vulns before the offense gets equivalent AI. Inside the TeamPCP cascading supply chain attack (...
Special RSAC episode with Cloudflare - Cybersecurity and AI, CISO/Board dynamics, future of cybersecurity 14.04.2026 44:38
The Adversarial Podcast brings you a special episode in collaboration with Cloudflare's Security Signal Podcast. 0:39 - 3:33 AI Governance and Autonomy 6:26 - 8:49 Human in the Loop 9:17 - 11:40 Cybersecurity and AI 15:26 - 18:19 Resilience and Anti-Fragility 28:24 - 33:05 Threat Intelligence 33:31 - 36:50 Board and CISO Dynamics 41:09 - 42:35 Future of Cybersecurity 42:35 - 44:14 Books and Resour...
S4E15 – RSAC, Iranian hackers, White House's Cyber Strategy and Cyber EOs, the Future of TPRM 17.03.2026 1:09:52
Iran-linked hackers claim responsibility for attack on US medical device maker Stryker Attackers tied to Iran say they hit Stryker, and investors punished the stock as the company scrambled to assess exposure. Trump Signs Executive Order Aimed at Cybercrime Gangs The President issued an order to tide together federal tools, international partners, and private-sector incentives for hunting down and...
S4E14 – Federal Gov vs. Anthropic, 40% layoff at Blocks due to AI 03.03.2026 1:01:59
Claude Code Security research preview Claude now reasons about code like a human researcher, re-checks its own findings for confidence, and surfaces patch suggestions in a dashboard while keeping humans in control—limited preview for Enterprise/Team customers plus expedited access for open-source maintainers. Pentagon gives Anthropic a best-and-final offer With a deadline looming, the Pentagon dem...
S4E13 – Munich Security Conference, hiring AI specialists, Gemini used by criminals 18.02.2026 1:12:55
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google’s threat team distills red-team learnings from sophisticated experimentation as it hardens defenses and anticipates adversarial AI backdoors. New Trump Cyber Strategy Prompts Companies to Mull Legal Limits The administration’s aggressive cyber doctrine is forcing firms to reconsider...
Adversarial Podcast S4E12 – Curl shuts down bug bounty program, most expensive security control that gave zero security 05.02.2026 1:18:05
The end of the curl bug bounty program. Curl’s creator Daniel Stenberg announced the shutdown of the project’s bug-bounty program because overwhelming volumes of low-quality and AI-generated reports, coupled with bad-faith security submissions, impose excessive mental and time costs while providing little real improvement to the software. Changing Federal Reserve Regulations. The memo directs Fede...
Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment 20.01.2026 1:15:22
00:00 Intro 01:40 Iran's Internet blackout 48:06 U.S. Weighs Expanding Private Companies’ Role in Cyberwarfare 57:35 Aligning cybersecurity programs to frameworks There's an internet blackout in Iran. How are videos and images getting out? During Iran’s nationwide internet blackout imposed amid widespread anti-government protests, some citizens have been using Elon Musk’s Starlink satellite servic...
Adversarial Podcast S4E10 – AI impact on cyber jobs, SOC 2 fraud, CISA polygraph failure 14.01.2026 1:06:52
Cloudy Outlook for Cyber Jobs as AI Fills Security Gaps. Cybersecurity hiring growth slowed to 7% in 2025 amid flat budgets and economic uncertainty, with firms shifting spend toward AI automation over expanding teams. Coupang, Inc. (CPNG) Class Period Expanded in Pending Investor Securities Lawsuit - Hagens Berman . Hagens Berman expanded a securities class action against Coupang over alleged cyb...
Adversarial Podcast S4E09 – New Pentagon CIO, age verification in Australia, Microsoft overhauls bug bounty program 24.12.2025 1:09:36
Nation Cyber Strategy Forthcoming The Trump administration is preparing a new national cyber strategy that increasingly relies on private companies to conduct offensive cyber operations on behalf of the U.S. government. Kirsten Davies Confirmed as Pentagon CIO The U.S. Senate confirmed Kirsten Davies as the Department of Defense’s Chief Information Officer, placing her in charge of modernizing and...
Adversarial Podcast S4E08 – Shai-Hulud worm strikes again, critical React vuln, CrowdStrike insider threat 09.12.2025 1:01:54
00:00 Intro 02:33 Shai Hulud 2.0 17:12 Max severity React vulnerability 29:23 CrowdStrike catches insider feeding information to hackers 46:24 Anthropic disruptes AI-orchestrated cyber campaign 52:35 Uncertain economy takes effect on cyber teams Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact Researchers report that Shai-Hulud 2.0 is an ongoing npm supply-chain worm that has compromised h...
Adversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware 11.11.2025 1:13:39
00:00 Intro 01:50 Louvre password 08:54 Trump budget cuts 20:35 Google AI threat report 36:56 Nevada didn’t pay ransom 48:25 Moved the needle 58:38 L3Harris Trenchant boss stole exploits, sold to Russia 62:00 Ransomware remediation firm employees go rogue 63:40 Cybersecurity Is A Digital Identity Problem And We Must Deal With It The password for the Louvre’s video surveillance system was “Louvre”...
Adversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering 28.10.2025 1:12:12
00:00 Intro 00:50 AWS Outage 20:48 F5 Breach 41:06 Risk Management vs. Security Engineering 58:19 Moving the Needle Part 3 F5 Hack Blamed on China Chinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares. AWS Outage A race...
Adversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack 14.10.2025 1:10:43
00:00 Highlight 03:44 Oracle E-Business Suite Zero-Day 14:49 UK government to be guarantor for Jaguar Land Rover cyberattack 25:54 "Moved the needle" Part 2 48:18 12 Security Problems Practitioners Want Solved 1:02:53 National Risk of Losing the CISA 2015 Act? Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Mandiant and Google Threat Intelligence Group uncovered a large...
Adversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath 30.09.2025 1:19:23
00:00 Highlight 00:43 Intro 06:40 "Moved the needle" awards 37:05 Scattered Lapsus$ and Jaguar Hack 44:39 One Token to Rule Them All - Entra pwned 1:02:21 H-1B visa changes and their effect on the cyber industry Scattered Lapsus$ and Jaguar Hack Jaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operat...
Adversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach 16.09.2025 1:09:18
00:00 Intro 03:10 NPM supply chain attack leaves attackers empty handed 24:44 Why is Atlassian buying a browser company? 37:20 Apple's new Memory Integrity Enforcement 52:56 Salesloft breach leads to downstream hacks Hackers left empty-handed after massive NPM supply-chain attack Hackers briefly compromised popular NPM packages like chalk and debug-js , infecting ~10% of cloud environments, but de...
Adversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses 04.09.2025 1:16:28
00:00 Introduction & BlackHat 02:06 Cybersecurity in Schools 18:53 Black Hat Conference Highlights 34:02 New York sues Zelle 44:48 Trends in Cybersecurity Mergers and Acquisitions 1:02:44 95% of generative AI pilots at companies are failing 1:08:53 Prompt injection with poisoned calendar invites DARPA announces $4 million winner of AI code review competition at DEF CON DARPA announced Team Atl...
Adversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors 30.07.2025 51:45
00:00 Introduction & BlackHat 03:14 AI Action Plan Overview 13:30 Chip Security Act 20:48 Government led AI-ISAC? 23:16 UK government considering banning public sector ransomware payments 28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert 42:07 Ethics in Vendor Relationships – Gifts for meetings America's AI Action Plan “America’s AI Action Plan,” released by the...
Adversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers 15.07.2025 1:16:49
00:00 Intro 3:23 Cybersecurity stocks: why now might be the time to buy? 8:55 AI in cyber investment and business 29:28 Microsoft is moving antivirus providers out of the Windows kernel 34:29 New AI Malware PoC Reliably Evades Microsoft Defender 37:08 VSCode Fork; Putting Millions at Risk 43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users 54:20 US government takes down major North...
Adversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different 01.07.2025 59:27
00:00 Intro 03:17 Banks call out US Treasury's cybersecurity failures 28:54 SEC scraps proposed cybersecurity rules 38:05 What makes AI Security different Banks Challenge Treasury on Cybersecurity Failures . A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt priv...
Adversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements 16.06.2025 1:11:26
00:00 Intro 04:15 Our journeys from CISOs to Entreprenuers 23:48 Trump changes Biden's Cyber EOs 28:40 States rebuff proposed federal ban on AI laws 36:43 Vanta bug exposes customers' data to other customers 49:12 SentinelOne outage 52:53 Banking groups ask SEC to drop incident disclosure requirements 1:00:37 Cybersecurity teams generate average $36M in business growth 1:03:50 Cybersecurity Compan...
Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages 27.05.2025 1:05:15
00:00 Intro 02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals 14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom 26:24 Fake OpenAI MCP Integration 32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials 36:03 Destructive malware available in NPM repo went unnoticed f...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.