Jerry Perullo, Sounil Yu, Mario Duarte

The Adversarial Podcast

Business EN ↓ 58 episodes

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

Author

Jerry Perullo, Sounil Yu, Mario Duarte

Category

Business

Podcast website

adversarial.com

Latest episode

Jul 1, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

S4E21 - Travel Security, AI Defense Matrix, Startup Security 01.07.2026

In this episode, Jerry, Mario, and Sounil delve into cybersecurity challenges related to travel, threat models, AI security, and best practices for startups. They explore practical strategies for managing security risks in a rapidly evolving digital landscape, emphasizing the importance of threat modeling, secure coding, and organizational priorities. 00:00 Intro 01:55 Travel Restrictions and Secu...

S4E20 - AI Executive Order, Project Glasswing Expanding, Cybersecurity Workforce 09.06.2026

Promoting Advanced Artificial Intelligence Innovation and Security The White House EO pushes federal agencies toward AI-enabled cyber defense, frontier-model benchmarking, and a voluntary framework for trusted access to high-end AI systems. Expanding Project Glasswing Anthropic is widening Project Glasswing beyond its first cohort, giving more trusted security teams access to Claude Mythos Preview...

S4E19 – Canvas hacked, Cloudflare layoffs, GitHub CVE rundown 12.05.2026

Canvas hack strands university students during finals week . A Canvas cyberattack hit universities and K-12 schools during finals, locking students and teachers out of grades, assignments, lecture materials, and exams at the worst possible moment. Building for the future. Cloudflare says it is cutting more than 1,100 employees as it restructures around internal AI-driven workflows, even as the tim...

S4E18 – Mythos and TPRM, does SOC 2 really work? 28.04.2026

00:34 - Introduction 03:33 - Enterprise Challenges 07:08 - End User and Browsers 21:55 - Vulnerability Metrics 40:37 - Approaching Leadership 42:09 - TPRM Discussion 46:40 - Sharing Findings 01:03:04 - Conclusion Mozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150 Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150 Mozilla let Anthropic’s Mythos loose on...

S4E17 – Mythos, Delve's downfall, and supply chain attacks 23.04.2026

Project Glasswing ( https://www.anthropic.com/glasswing ) Anthropic is letting AWS, Apple, Google, Microsoft, JPMorgan, Cisco, NVIDIA, and friends point Claude Mythos at their shared attack surface while backing it with $100M in credits and $4M for OSS security groups so blue teams can burn down latent vulns before the offense gets equivalent AI. Inside the TeamPCP cascading supply chain attack (...

Special RSAC episode with Cloudflare - Cybersecurity and AI, CISO/Board dynamics, future of cybersecurity 14.04.2026

The Adversarial Podcast brings you a special episode in collaboration with Cloudflare's Security Signal Podcast. 0:39 - 3:33 AI Governance and Autonomy 6:26 - 8:49 Human in the Loop 9:17 - 11:40 Cybersecurity and AI 15:26 - 18:19 Resilience and Anti-Fragility 28:24 - 33:05 Threat Intelligence 33:31 - 36:50 Board and CISO Dynamics 41:09 - 42:35 Future of Cybersecurity 42:35 - 44:14 Books and Resour...

S4E15 – RSAC, Iranian hackers, White House's Cyber Strategy and Cyber EOs, the Future of TPRM 17.03.2026

Iran-linked hackers claim responsibility for attack on US medical device maker Stryker Attackers tied to Iran say they hit Stryker, and investors punished the stock as the company scrambled to assess exposure. Trump Signs Executive Order Aimed at Cybercrime Gangs The President issued an order to tide together federal tools, international partners, and private-sector incentives for hunting down and...

S4E14 – Federal Gov vs. Anthropic, 40% layoff at Blocks due to AI 03.03.2026

Claude Code Security research preview Claude now reasons about code like a human researcher, re-checks its own findings for confidence, and surfaces patch suggestions in a dashboard while keeping humans in control—limited preview for Enterprise/Team customers plus expedited access for open-source maintainers. Pentagon gives Anthropic a best-and-final offer With a deadline looming, the Pentagon dem...

S4E13 – Munich Security Conference, hiring AI specialists, Gemini used by criminals 18.02.2026

GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google’s threat team distills red-team learnings from sophisticated experimentation as it hardens defenses and anticipates adversarial AI backdoors. New Trump Cyber Strategy Prompts Companies to Mull Legal Limits The administration’s aggressive cyber doctrine is forcing firms to reconsider...

Adversarial Podcast S4E12 – Curl shuts down bug bounty program, most expensive security control that gave zero security 05.02.2026

The end of the curl bug bounty program. Curl’s creator Daniel Stenberg announced the shutdown of the project’s bug-bounty program because overwhelming volumes of low-quality and AI-generated reports, coupled with bad-faith security submissions, impose excessive mental and time costs while providing little real improvement to the software. Changing Federal Reserve Regulations. The memo directs Fede...

Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment 20.01.2026

00:00 Intro 01:40 Iran's Internet blackout 48:06 U.S. Weighs Expanding Private Companies’ Role in Cyberwarfare 57:35 Aligning cybersecurity programs to frameworks There's an internet blackout in Iran. How are videos and images getting out? During Iran’s nationwide internet blackout imposed amid widespread anti-government protests, some citizens have been using Elon Musk’s Starlink satellite servic...

Adversarial Podcast S4E10 – AI impact on cyber jobs, SOC 2 fraud, CISA polygraph failure 14.01.2026

Cloudy Outlook for Cyber Jobs as AI Fills Security Gaps. Cybersecurity hiring growth slowed to 7% in 2025 amid flat budgets and economic uncertainty, with firms shifting spend toward AI automation over expanding teams. Coupang, Inc. (CPNG) Class Period Expanded in Pending Investor Securities Lawsuit - Hagens Berman . Hagens Berman expanded a securities class action against Coupang over alleged cyb...

Adversarial Podcast S4E09 – New Pentagon CIO, age verification in Australia, Microsoft overhauls bug bounty program 24.12.2025

Nation Cyber Strategy Forthcoming The Trump administration is preparing a new national cyber strategy that increasingly relies on private companies to conduct offensive cyber operations on behalf of the U.S. government. Kirsten Davies Confirmed as Pentagon CIO The U.S. Senate confirmed Kirsten Davies as the Department of Defense’s Chief Information Officer, placing her in charge of modernizing and...

Adversarial Podcast S4E08 – Shai-Hulud worm strikes again, critical React vuln, CrowdStrike insider threat 09.12.2025

00:00 Intro 02:33 Shai Hulud 2.0 17:12 Max severity React vulnerability 29:23 CrowdStrike catches insider feeding information to hackers 46:24 Anthropic disruptes AI-orchestrated cyber campaign 52:35 Uncertain economy takes effect on cyber teams Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact Researchers report that Shai-Hulud 2.0 is an ongoing npm supply-chain worm that has compromised h...

Adversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware 11.11.2025

00:00 Intro 01:50 Louvre password 08:54 Trump budget cuts 20:35 Google AI threat report 36:56 Nevada didn’t pay ransom 48:25 Moved the needle 58:38 L3Harris Trenchant boss stole exploits, sold to Russia 62:00 Ransomware remediation firm employees go rogue 63:40 Cybersecurity Is A Digital Identity Problem And We Must Deal With It The password for the Louvre’s video surveillance system was “Louvre”...

Adversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering 28.10.2025

00:00 Intro 00:50 AWS Outage 20:48 F5 Breach 41:06 Risk Management vs. Security Engineering 58:19 Moving the Needle Part 3 F5 Hack Blamed on China Chinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares. AWS Outage A race...

Adversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack 14.10.2025

00:00 Highlight 03:44 Oracle E-Business Suite Zero-Day 14:49 UK government to be guarantor for Jaguar Land Rover cyberattack 25:54 "Moved the needle" Part 2 48:18 12 Security Problems Practitioners Want Solved 1:02:53 National Risk of Losing the CISA 2015 Act? Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign Mandiant and Google Threat Intelligence Group uncovered a large...

Adversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath 30.09.2025

00:00 Highlight 00:43 Intro 06:40 "Moved the needle" awards 37:05 Scattered Lapsus$ and Jaguar Hack 44:39 One Token to Rule Them All - Entra pwned 1:02:21 H-1B visa changes and their effect on the cyber industry Scattered Lapsus$ and Jaguar Hack Jaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operat...

Adversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach 16.09.2025

00:00 Intro 03:10 NPM supply chain attack leaves attackers empty handed 24:44 Why is Atlassian buying a browser company? 37:20 Apple's new Memory Integrity Enforcement 52:56 Salesloft breach leads to downstream hacks Hackers left empty-handed after massive NPM supply-chain attack Hackers briefly compromised popular NPM packages like chalk and debug-js , infecting ~10% of cloud environments, but de...

Adversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses 04.09.2025

00:00 Introduction & BlackHat 02:06 Cybersecurity in Schools 18:53 Black Hat Conference Highlights 34:02 New York sues Zelle 44:48 Trends in Cybersecurity Mergers and Acquisitions 1:02:44 95% of generative AI pilots at companies are failing 1:08:53 Prompt injection with poisoned calendar invites DARPA announces $4 million winner of AI code review competition at DEF CON DARPA announced Team Atl...

Adversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors 30.07.2025

00:00 Introduction & BlackHat 03:14 AI Action Plan Overview 13:30 Chip Security Act 20:48 Government led AI-ISAC? 23:16 UK government considering banning public sector ransomware payments 28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert 42:07 Ethics in Vendor Relationships – Gifts for meetings America's AI Action Plan “America’s AI Action Plan,” released by the...

Adversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers 15.07.2025

00:00 Intro 3:23 Cybersecurity stocks: why now might be the time to buy? 8:55 AI in cyber investment and business 29:28 Microsoft is moving antivirus providers out of the Windows kernel 34:29 New AI Malware PoC Reliably Evades Microsoft Defender 37:08 VSCode Fork; Putting Millions at Risk 43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users 54:20 US government takes down major North...

Adversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different 01.07.2025

00:00 Intro 03:17 Banks call out US Treasury's cybersecurity failures 28:54 SEC scraps proposed cybersecurity rules 38:05 What makes AI Security different Banks Challenge Treasury on Cybersecurity Failures . A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt priv...

Adversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements 16.06.2025

00:00 Intro 04:15 Our journeys from CISOs to Entreprenuers 23:48 Trump changes Biden's Cyber EOs 28:40 States rebuff proposed federal ban on AI laws 36:43 Vanta bug exposes customers' data to other customers 49:12 SentinelOne outage 52:53 Banking groups ask SEC to drop incident disclosure requirements 1:00:37 Cybersecurity teams generate average $36M in business growth 1:03:50 Cybersecurity Compan...

Adversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages 27.05.2025

00:00 Intro 02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals 14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom 26:24 Fake OpenAI MCP Integration 32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials 36:03 Destructive malware available in NPM repo went unnoticed f...

Listen to the The Adversarial Podcast podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.