Cyber Uncut

Qualys ANZ managing director Sam Salehi joins the Cyber Uncut podcast to expose the expanding AI attack surface, the governance gaps exposing organisations, and why boards must translate cyber risk into dollars to take it seriously.

This week on the Cyber Uncut podcast, host Liam Garman speaks with Qualys ANZ managing director Sam Salehi about the rapidly evolving "AI attack surface" – from shadow AI usage and prompt injection risks to data leakage and model vulnerabilities – and why a lack of visibility is leaving businesses exposed before they even realise it.
Salehi outlines the core problem facing security leaders: organisations often don't know what AI tools are already in use, let alone how to secure them. The conversation explores how fragmented tooling, poor asset inventory, and missing business context are undermining risk management efforts, while boards continue to push AI adoption for efficiency gains. Salehi argues that leaders are flying blind, prioritising the wrong threats while leaving critical exposures unaddressed.
From data minimisation and API security to continuous monitoring and the rise of the "risk operations centre", Salehi emphasises the need for a unified, risk-based approach. His bottom line is blunt: in an environment where exploitation timelines are shrinking to hours, the only metric that matters is how quickly organisations can detect and close exposure – before attackers do.
Enjoy,
The Cyber Uncut team

The release and messaging surrounding the 2026 National Defence Strategy and 2026 Integrated Investment Program is just the latest salvo in the government's effort to direct the national conversation about our national security.
With the government emphasising major increases in Defence spending over the next decade, the government is hoping that the headline figures and a lack of public understanding of Defence spending will be enough to convince the nation we're doing enough to protect our interests.
Hosts Phil Tarrant, Major General (Ret'd) Dr Marcus Thompson and Steve Kuper deep dive into the current battle for control of the narrative and the unfolding strategies being leveraged to target various Australian demographics, with specific examples in the economic domain as Australians face increasing inflation and fuel insecurity despite what they're being told.
The trio also unpack the latest announcements around the winds of change sweeping through the Department of Defence, with the recent appointments to chief of Defence, chief of Army and the appointment of the new secretary of Defence designed to emphasise the government's priority areas: national resilience and sovereignty.
Enjoy the podcast,
The Contested Ground team

David Hollingworth and Daniel Croft dive into the biggest stories in cyber security and cyber intelligence, and Anthropic's Claude Mythos preview and Project Glasswing continue to cover both – and it's already been breached. Plus, age verification plans in the European Union (EU), and a wrap-up of ransomware incidents impacting Aussie businesses.
Love it or hate it, but age verification appears to be here to stay, and while Australia may be struggling with its implementation, Hollingworth and Croft think the EU may be on to something with its take – find out why, and why it's a better idea than Australia's.
Anthropic's Claude Mythos AI model is hyped as a vulnerability-hunting powerhouse and too dangerous to share, but outsiders have already gotten inside. And one expert thinks the hype for the platform doesn't match the reality.
Finally, it's been another less-than-stellar week for ransomware actors targeting Australian businesses, with a crane manufacturer, a pharmacy, and a family history society all falling victim to hackers.
Just another week in cyber security.
Enjoy,
The Cyber Uncut team

We are consistently reminded that Australia is a maritime trading nation and, as such, is exposed to all the vulnerabilities. So why haven't we prepared accordingly?
As the ceasefire in the Middle East collapses and both sides begin to once again ramp up their efforts to assert control over the Strait of Hormuz and the globally sensitive waterway, Australia is reminded of its inherent vulnerability to global maritime shocks.
To date, Australia's response to these challenges has been to default to the organs and institutions established by the post-World War II order, seeking arbitration, mediation and resolution, however, those mechanisms no longer suffice.
In this episode of the Contested Ground podcast, host Steve Kuper is joined by UNSW's Professor Douglas Guilfoyle and Associate Professor Daniel Prior, authors of the World in Transition report detailing the challenges which face Australia and now thrown into public focus as a result of the conflict in the Middle East.
The trio deep dive into the legal, economic and political challenges that have emerged as a result of the conflict in the Middle East and Australia's mounting issues that will only continue to compound in the coming months.
They also discuss the ramifications of post-Cold War globalisation and the creation and vulnerability of the "just in time" supply chain ecosystems and what can be done to minimise our exposure to these challenges.
Finally, they also interrogate the phenomena of "friendshoring" and "reshoring" as solutions to bringing supply chains closer to home as a means of securing national interests and what models can be leveraged to change Australia's self-inflicted vulnerability.
Enjoy the podcast,
The Contested Ground team

Many organisations struggle with the changing nature of cyber security compliance and regulations – but it can be a powerful force for positive change, according to the head of advisory and assurance at Fujitsu, Laura O'Neill.

Join Cyber Daily's deputy editor, David Hollingworth, and Fujitsu's Laura O'Neill as they take an insightful look at the world of compliance and regulations in the age of AI adoption at scale and an expanding threat landscape.
In this essential podcast, the pair analyse the shift from "compliance" to "continuous cyber accountability" before moving onto critical infrastructure and its modern definition, the challenges of securing ever more complex supply chains and how, at the end of the day, it's all about keeping businesses and their processes ready to face the inevitable without fear.
O'Neill will be a guest at this month's Australian Cyber Summit, along with range of other exceptional speakers and panellists, so get your tickets now!