
Modern Cyber with Jeremy Snyder

Jeremy Snyder

120 episodes

  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 2nd July 2026

    02/07/2026 | 12 mins.
    A lighter week on volume, which gives Jeremy room to go deeper on a set of stories that all reinforce trends we've been tracking for months. The through-line: prompts keep showing up in places nobody thinks to inspect, AI development tooling keeps proving to be a soft target, and the infrastructure around AI is becoming a first-class attack surface. Plus an update on the US government's limited release of Anthropic's Mythos model, and a fresh Five Eyes warning that the cyber risk timeline is measured in months, not years.
    Key Episode Highlights
    GuardFall: research from Versa showing a prompt-injection technique that defeats 10 of the 11 most popular open source coding and computer-use agents (Cline, Goose, Aider, Roo Code, OpenHands, and others) using basic bash obfuscation. Roughly 548,000 combined GitHub stars across the affected tools.
    Amazon Q auto-load flaw: Wiz found the tool auto-loads an amazonq/mcp.json file from cloned repos with no prompt, consent, or workspace-trust check, opening a path to arbitrary code execution.
    Perplexity typosquat: Microsoft Defender uncovered a malicious "Search for Perplexity.ai" extension that captured every keystroke in the address bar and routed it to perplexity-ai.online. AI chat-skimming extensions total roughly 900,000 installs across 20-plus enterprise networks.
    Langflow RCE: a new critical CVE enabling remote code execution and arbitrary Python on exposed instances. Trend Micro documented a 19-day campaign deploying Monero crypto miners.
    Mythos, unblocked (with limits): the US government has lifted its export-control block on Anthropic's Mythos 5 release, though the exact terms remain fuzzy.
    Five Eyes warning: a joint NSA, GCHQ, and allied-agency statement that frontier AI will accelerate the speed, scale, and sophistication of cyber threats, with Bruce Schneier arguing in The Guardian that AI decouples skill from ability.
    Episode Links
    https://thehackernews.com/2026/06/guardfall-exposes-open-source-ai-coding.html
    https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html
    https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html
    https://www.theguardian.com/technology/2026/jun/22/anthropic-claude-fable-ai-model-artificial-intelligence-national-security
    https://www.cnn.com/2026/06/26/tech/anthropic-mythos-release
    https://thehackernews.com/2026/06/langflow-rce-exploited-to-deploy-monero.html
  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 25th June 2026

    02/07/2026 | 13 mins.
    This week's episode is short but loaded. Jeremy walks through a run of stories where AI is reshaping both sides of the security fight at once. Models are now surfacing decades-old vulnerabilities that humans never caught, chaining old bugs into new high-impact attacks, and getting jailbroken within days of launch. On top of that: a fresh zero-click exfiltration chain in Microsoft 365 Copilot, a database that doubles as a covert attack channel, a major open source patching initiative from OpenAI and Trail of Bits, and a NIST proof that no fixed set of guardrails can hold forever.
    Key Episode Highlights
    SquidBleed: a Squid proxy flaw sitting in the default config since a 1997 commit, surfaced almost instantly by Claude Mythos Preview under Project Glasswing. Roughly 30 years undetected by humans.
    The HTTP/2 Bomb: a denial-of-service attack chaining an HPACK compression bomb with a Slowloris-style memory hold, built by an AI model that read the codebases and stitched together two old CVEs.
    The Daybreak Initiative: OpenAI pairs GPT-5.5 Cyber with Trail of Bits to find and fix flaws across 30-plus critical open source projects.
    Five Eyes alarm: NSA and CISA issue a rare joint statement warning that frontier AI will transform offense and defense, with a timeline measured in months, not years.
    SearchLeak: Varonis discloses a zero-click Microsoft 365 Copilot Enterprise chain that pulls mail, calendar, and files from a single crafted link. Already patched server-side, no customer action needed.
    "Oops, I weaponized the database": SpecterOps shows native AI features in Microsoft SQL Server 2025 doubling as a covert command and control and exfiltration channel. Microsoft says it's working as designed.
    Meta hits pause: an internal program training AI on employee behavior is halted after sensitive data was exposed to the entire workforce.
    Fable 5 jailbroken: Bruce Schneier reports Anthropic's new Mythos-class model bypassed within days, with its 120,000 character system prompt leaked to GitHub.
    NIST proof: a peer-reviewed result showing no finite set of guardrails can be universally robust against an adaptive adversary.
    Episode Links
    https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html
    https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377
    https://openai.com/index/patch-the-planet/
    https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
    https://specterops.io/blog/2026/06/10/oops-i-weaponized-the-database-abusing-ai-features-in-mssql-2025/
    https://www.wired.com/story/meta-accidentally-let-employees-access-each-others-keystroke-data/
    https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html
    https://www.nist.gov/news-events/news/2026/06/nist-mathematical-proof-supports-transition-continuous-monitor-and-update
  • Modern Cyber with Jeremy Snyder

    Taylor Hersom of Eden Data

    24/06/2026 | 42 mins.
    In this episode of Modern Cyber, Jeremy is joined by Taylor Hersom, Founder of Eden Data, to explore the critical intersection of cybersecurity, compliance, and enterprise growth.
    They discuss why startups often overinvest in technical security tools while underinvesting in the actual foundation of customer trust. Taylor unpacks how compliance frameworks like SOC 2 and ISO 27001 act as a powerful "trust escrow" for businesses and explains the complex nuances of the Cybersecurity Maturity Model Certification (CMMC) for government contractors and their subcontractors.
    The conversation also tackles the escalating challenge of shadow IT driven by AI tools, the urgent need for structured AI governance, and why the cybersecurity industry must shift away from relying on static employee policies toward implementing automated technical controls that eliminate human error entirely.
    About Taylor Hersom
    Taylor is the Founder of Eden Data, a modern cybersecurity firm recently acquired by Riveron, where it now plays a key role in expanding the firm’s risk advisory platform. A former Deloitte leader and CISO, Taylor brings deep expertise in governance and compliance frameworks, including SOC 2, ISO 27001, and HIPAA. Since founding Eden Data, he has helped hundreds of startups and scaleups—including Nooks AI, Zendesk, Bitly, and Kindbody—navigate everything from early-stage compliance to IPO readiness. He has earned Partner of the Year awards four years in a row from Drata. With his background, Taylor speaks to the evolving intersection of cybersecurity, compliance, and enterprise growth, showing how trust can be a powerful driver of business success.
    Episode Links
    Eden Data: https://www.edendata.com/
    Taylor Hersom on LinkedIn: https://www.linkedin.com/in/taylorhersom/
  • Modern Cyber with Jeremy Snyder

    This Week in AI Security - 18th June 2026

    18/06/2026 | 14 mins.
    In this episode, Jeremy explores the fallout of the first US government-mandated global model kill switch, an unprecedented action taken against Anthropic's new Fable model. We also examine CISA's radical new 3-day vulnerability remediation timeline and how autonomous threats are now weaponizing application monitoring software.
    Key Episode Highlights:
    The Global Kill Switch: Just five days after launch, the US Department of Commerce invoked a sweeping export control directive against Anthropic's Claude Fable model after an Amazon-discovered jailbreak was flagged to national security officials. This action triggered a total global deactivation, limiting access exclusively to US citizens.
    The "Lethal Trifecta" of Agent Hijacking: ToxSec researchers define the critical conditions where AI agents become highly weaponizable: concurrent access to sensitive data, exposure to untrusted external content, and the ability to execute outbound actions.
    Sentry "Agentjacking": Attackers are injecting malicious Markdown into standard Sentry error logs to bypass WAF and EDR tools, silently hijacking the AI agents developers deploy to automatically triage and fix code errors.
    CISA BOD 2026-04: As the "Vulnpocalypse" pushes the projected 2026 vulnerability count to 66,000, CISA has issued an emergency Binding Operational Directive that slashes the required patching timeline for critical software flaws down to a blistering 3 days.
    Hugging Face Framework RCE: A newly disclosed critical vulnerability (CVE-2026-4372) proves that a single polluted line in a Hugging Face configuration file can grant full Remote Code Execution on enterprise inference servers.
    The Shai-Hulud Miasma: A sophisticated 4.6MB payload is now exploiting static code analysis within AI development pipelines. The worm embeds instructions regarding heavily restricted topics (e.g., bomb-making) into error logs to intentionally trigger LLM safety halts, effectively blinding AI security monitoring tools.

    Episode Links
    https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/
    https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
    https://blog.securityjoes.com/post/shai-hulud-miasma-when-a-supply-chain-worm-learned-to-hijack-ai-coding-agents
    https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html
    https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
    https://www.brinztech.com/breach-alerts/brinztech-ai-infrastructure-alert-authentication-evasion-broken-access-controls-and-automated-agent-manipulation-the-in-the-wild-scanning-exploitation-loop-of-praisonai-cve-2026-44338
    https://www.toxsec.com/p/agentic-ai-attacks-explained-lethal-trifecta
    https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/
    https://www.helpnetsecurity.com/2026/06/15/first-2026-cve-forecast/
    https://pluto.security/blog/unauthenticated-remote-code-execution-in-huggingface-transformers-via-config-injection/
    https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html
    https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html
  • Modern Cyber with Jeremy Snyder

    Kenneth Ellington of Ellington Cybersecurity Academy

    16/06/2026 | 30 mins.
    In this episode of Modern Cyber, Jeremy sits down with Kenneth Ellington, founder of Ellington Cyber Academy, to explore the rapidly evolving landscape of SIEM engineering, threat hunting, and automated incident response.
    As organizations transition from conceptual AI to deploying agentic AI in production environments, Kenneth shares his extensive hands-on expertise managing complex enterprise security operations across Splunk, Elastic, and Microsoft Sentinel architectures.
    The conversation dives deep into the realities of alert fatigue, explaining why security analysts remain overwhelmed by false positives and how proper data pipeline management is essential before any AI automation can be effectively introduced. Kenneth unpacks the historical shift from SIEMs acting as long-term historical audit records to highly optimized, real-time threat detection engines, while advocating for cost-effective security data lakes for extended threat hunting visibility.
    Then, the discussion tackles the nuances of implementing AI in highly regulated sectors like finance and healthcare, demystifying the difference between marketing buzzwords around SOAR platforms and genuinely actionable AI-assisted threat hunting workflows. Wrapping up, Kenneth shares raw insights into the harsh realities of breaking into the cybersecurity industry today, emphasizing the indispensable need for hard technical skills, strong soft skills, and resilient mental models for aspiring SOC analysts facing trial by fire.
    About Kenneth
    Kenneth Ellington is a Senior SIEM Engineer and cybersecurity entrepreneur, and the Founder of Ellington Cyber Academy (ECA), where he trains the next generation of detection engineers and threat hunters. He previously served as a Senior Consultant at EY, supporting enterprise security operations and SIEM engineering initiatives across complex environments. Kenneth specializes in detection engineering, threat hunting, and XDR architecture, with deep hands-on experience across Splunk, Elastic, and Sentinel ecosystems. He recently spoke at BSides St. Pete, sharing insights on real-world threat detection and building practical cyber talent pipelines.
    Episode Links
    Ellington Cyber Academy: https://www.ellingtoncyberacademy.com/
    Kenneth Ellington on LinkedIn: https://www.linkedin.com/in/kenneth-ellington/
About Modern Cyber with Jeremy Snyder
Looking for the latest news and views from the world of AI security? Welcome to Modern Cyber with Jeremy Snyder, a cutting-edge podcast series where cybersecurity thought leaders come together to explore the evolving landscape of digital security. In each episode, Jeremy engages with top cybersecurity professionals, uncovering the latest trends, innovations, and challenges shaping the industry. Also the home of 'This Week in AI Security', a snappy weekly round up of interesting stories from across the AI threat landscape.