Risky Business Features Podcast

In this podcast James Wilson and Brad Arkin workshop the advice they think the industry needs to hear when it comes to deploying agentic AI in the enterprise.

Relegating agentic AI to non-sensitive and low-risk tasks doesn’t deliver value, and avoiding all risk stalls progress. James and Brad discuss the phases of AI adoption and contrast what a great plan looks like, versus an overly cautious one.

In this podcast James Wilson chats with Niels Provos about his research into using older AI models to successfully hunt for 0day vulnerabilities. Niels has had a long and prolific career in cybersecurity, having worked as a Distinguished Engineer at Google and then heading up security at Stripe.

His interest in AI bug hunting was piqued recently when one of the Mythos 0day vulnerabilities that received lots of attention happened to be in code he wrote for the OpenBSD project 27 years ago.

It got him thinking: Are these frontier models really that magical? Or could we replicate their findings with some clever orchestration instead of relying on the model’s smarts to find bugs with a single prompt?

As it turns out, this was worth looking into. Niels’ orchestration framework, Iron Curtain, works extremely well.

This episode is also available on YouTube

In this podcast James Wilson and Brad Arkin chat about emerging trends in AI agent identity and credential management. Brad was formerly the CISO of Adobe, Cisco and Salesforce, and is now working with all sorts of companies that are deploying AI.

With everyone now in at least a large-scale pilot of agentic AI, the issue of how to manage agent identities and credentials is still an unsolved problem. But, some interesting patterns are emerging.

In this solo episode of Risky Business Features James Wilson explores how distillation techniques are both a legitimate way to train smaller models, as well as a way to steal model capabilities. It’s not just a problem for frontier labs! Any LLM-based product could have its competitive advantage stolen through these attacks.

James covers:

• High-level concept of distillation
• Why it matters including close/open-weight/open-source explanation
• Types of distillation and the prompts used
• The distillation pipeline end to end
• Distillation at scale and mitigation techniques
• Hardware resource constraints for distillation

In this episode, Anthropic’s Nicholas Carlini joins Patrick Gray and James Wilson to talk about advancements in AI-driven vulnerability research and exploit development.

Nicholas’ talk at the recent [un]prompted conference demonstrated how Anthropic’s Opus 4.6 could find and exploit vulnerabilities in popular open source projects. In the short few weeks since then, Anthropic announced a new model that’s already identifying hundreds of bug fixes across critical software. Nicholas talks us through the work he does at Anthropic, what’s possible and the limitations with current frontier models, and where this goes from here.

This episode is also available on YouTube

In this episode, James Wilson is joined by entrepreneur and investor Yaniv Bernstein to discuss Anthropic’s Mythos through the lens of startups and growing businesses. Yaniv is Google’s former VP of Engineering, and is former VP Eng and COO at Airtasker. He’s now an investor and advisor to startups and he co-hosts The Startup Podcast.

In this episode, James Wilson is joined by Brad Arkin who provides a CISO’s perspective on Anthropic’s Mythos. As former CISO at Adobe, Cisco and Salesforce, Brad’s perspective challenges the notion that finding and fixing exploits makes us safer.

In this episode of Risky Business Features, James Wilson chats to professional hacker Jamieson O’Reilly about Anthropic’s Mythos and the impact it could have on offensive security. Jamieson is CEO of DVULN and co-founder of Aether AI. He’s been hacking into organisations for more than a decade, and knows a thing or two about combining AI and offensive security.

In this episode, investigative journalist Geoff White joins James Wilson for a look into the complex machine that is North Korea’s IT worker infiltration scheme. They discuss the interview process, what happens once the workers are actually hired, how value is maximised for the regime, and how the money moves around. It’s even more diabolical than the headlines divulge.

In this episode, James Wilson chats with Brad Arkin (former CISO of Adobe, Cisco and Salesforce) to talk about the mounting pressure that CISOs are under in the AI era. Attackers are operating at unprecedented scale, and internal users are adopting AI faster than security teams can keep up. This requires CISOs to bend on things that would have otherwise been a hard-no in the past, and revisit some fundamental controls that might have seemed too difficult previously.