Risky Business

Written by: Patrick Gray
About this listen

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Copyright Risky Business Media 2007-2026

Politics & Government
Episodes
  • Risky Biz Soap Box: The lethal trifecta of AI risks
    Feb 19 2026

    There’s a lethal trifecta of AI risks: access to private data, exposure to untrusted content, and external communication. In this conversation, Risky Business host Patrick Gray chats with Josh Devon, the co-founder of Sondera, about how to best address these risks.

    There is no magic solution to this problem. AI models mix code and data, are non-deterministic, and are crawling around all over your enterprise data and APIs as you read this.

    But in this sponsored interview, Josh outlines how we can start to wrap our hands around the problem.

    This episode is also available on Youtube.

    Show notes
      38 mins
    • Risky Business #825 -- Palo Alto Networks blames it on the boogie
      Feb 18 2026
      On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:

        • Palo Alto threat researchers want to attribute to China, but management says shush
        • An increasing proportion of ransomware is data extortion. Is this good?
        • Cambodia says it’s going to dismantle scam compounds
        • CISA suffers through yet another shutdown
        • Google Gemini’s training secrets are being systematically harvested to improve other LLMs
        • Academics assess SaaS password managers’ resilience against a malicious server

      This episode is sponsored by SSO-firewall integration vendor Knocknoc. Chief exec Adam Pointon joins to talk about the latest in defences… which is to say Knocknoc for Solaris/Sparc and HPUX on PA-RISC?! Okay also that other little known OS… Windows.

      This episode is also available on Youtube.

      Show notes

        • Data-only extortion grows as ransomware gangs seek better profits | Cybersecurity Dive
        • Arctic Wolf Threat Report 2026
        • Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
        • Risky Bulletin: Cambodia promises to dismantle scam networks by April - Risky Business Media
        • Age of the ‘scam state’: how an illicit, multibillion-dollar industry has taken root in south-east Asia | Cybercrime | The Guardian
        • Critical flaw in BeyondTrust Remote Support sees early signs of exploitation | Cybersecurity Dive
        • CISA Navigates DHS Shutdown With Reduced Staff - SecurityWeek
        • Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security
        • BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign — Elastic Security Labs
        • Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions | The Record from Recorded Future News
        • Password managers' promise that they can't see your vaults isn't always true - Ars Technica
        • Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers
        • Google finds state-sponsored hackers use AI at 'all stages' of attack cycle | CyberScoop
        • Google: Gemini hit with 100,000+ prompts in cloning attempt
        • Proofpoint acquires Acuvity to tackle the security risks of agentic AI | CyberScoop
        • Cisco Redefines Security for the Agentic Era with AI Defense Expansion and AI-Aware SASE
        • Sophos Acquires Arco Cyber to Bring CISO-Level, Agentic AI-Powered Expertise to Every Organization
        • Dave Kennedy on X: "Regarding this, there was a couple questions on does the pacemaker continue to advertise - most BLE implantable devices go into a sleep type mode. In this case, we are lucky - it does not. We know based on law enforcement answers that she is using a more modern pacemaker with" / X
        • Clash Report on X: "BIG: Dutch Defence Minister Gijs Tuinman hints that software independence is possible for F-35 jets. He literally said you can “jailbreak” an F-35. When asked if Europe can modify it without US approval: “That’s not the point… we’ll see whether the Americans will show https://t.co/f11cGvtYsO" / X
        • Dutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News
      1 hr and 3 mins
    • Risky Business #824 -- Microsoft's Secure Future is looking a bit wobbly
      Feb 11 2026
      On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:

        • Microsoft reshuffles security leadership. It doesn’t spark joy.
        • Russia is hacking the Winter Olympics. Again. But y tho?
        • China-linked groups are keeping busy, hacking telcos in Norway, Singapore and dozens of others
        • Campaigns underway targeting Ivanti, BeyondTrust and SolarWinds products
        • An unknown hero blocks 23/tcp on the US internet backbone
        • And James Wilson pops in to talk about Claude’s go at a C compiler

      This week’s episode is sponsored by Ent.AI, an AI startup that isn’t quite ready to tell us all what they’re doing. But nevertheless, founder Brandon Dixon joins to discuss AI’s role in security. Where does language-based understanding take us that previous methods couldn’t?

      This episode is also available on Youtube.

      Show notes

        • Updates in two of our core priorities - The Official Microsoft Blog
        • Strengthening Windows trust and security through User Transparency and Consent | Windows Experience Blog
        • Microsoft prepares to refresh Secure Boot’s digital certificate | Cybersecurity Dive
        • Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities | CyberScoop
        • Microsoft releases urgent Office patch. Russian-state hackers pounce. - Ars Technica
        • Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics | The Record from Recorded Future News
        • Researchers uncover vast cyberespionage operation targeting dozens of governments worldwide | The Record from Recorded Future News
        • Germany warns of state-linked phishing campaign targeting journalists, government officials | The Record from Recorded Future News
        • Norwegian intelligence discloses country hit by Salt Typhoon campaign | The Record from Recorded Future News
        • Singapore says China-linked hackers targeted telecom providers in major spying campaign | The Record from Recorded Future News
        • Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector | Cyber Security Agency of Singapore
        • How Intel and Google Collaborate to Strengthen Intel® TDX
        • Strengthening the Foundation: A Joint Security Review of Intel TDX 1.5 - Google Bug Hunters
        • Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399) | Huntress
        • EU, Dutch government announce hacks following Ivanti zero-days | The Record from Recorded Future News
        • North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam | The Record from Recorded Future News
        • BeyondTrust warns of critical RCE flaw in remote support software
        • Rapid7 Analysis of CVE-2026-1731
        • Building a C compiler with a team of parallel Claudes \ Anthropic
        • (1) Post by @ryiron.bsky.social — Bluesky
        • What AI Security Research Looks Like When It Works | AISLE
        • South Korean crypto exchange races to recover $40bn of bitcoin sent to customers by mistake | South Korea | The Guardian
        • White House to meet with GOP lawmakers on FISA Section 702 renewal | The Record from Recorded Future News
      56 mins