
Risky Business Features
Join reformed CTO James Wilson as he dives deep on cybersecurity topics through an enterprise lens. From solo content and interviews with CISOs and researchers to vendor and startup deep dives, James does a bit of everything.
Episodes
Why NPM v12 won’t stop supply chain attacks
In this podcast episode, James Wilson is joined by Open Source Malware Security co-founder Paul McCarty to talk about the supply chain attack mitigations coming in NPM v12.
NPM disabling (by default) auto-run install scripts and dynamic dependencies is a positive step forward… but it’ll take years for this new version to be adopted, and these changes do nothing to p
Everything is getting much worse, much faster
In this podcast Brad Arkin joins James Wilson to talk about how the fear of being left behind in the AI era means enterprises are taking risks that would have been considered insane just a couple of years ago.
Fears around outages or being hacked have been trumped by fears of being labelled an AI laggard.
So where are we all going? Say hello to tech debt-riddled, v
Solo podcast: A deep dive on TeamPCP
In this solo episode, James Wilson takes a detailed look at TeamPCP.
It started off by launching clumsy attacks against misconfigured Kubernetes clusters in September 2025. But by February this year, TeamPCP had skilled up and was smashing global software supply chains in the highest profile attacks of 2026.
TeamPCP upskilled and turned the software development eco
How to survive supply chain attacks
In this podcast James Wilson chats with Brad Arkin about why software supply chain attacks have gone from rare, once-in-a-while disasters to an operational problem affecting mainstream enterprises almost daily.
AI has made attackers faster, and “vibe coding” means the number of environments pulling packages from the internet has gone to the moon. It also means legac
How the CopyFail disclosure went sideways
In this episode, Theori’s Brian Pak and Andrew Wesie join James Wilson to discuss why the CopyFail exploit was publicly disclosed before Linux distributions had their patches ready. As you’ll hear in this episode, mistakes were made and lessons learned. It’s worth a podcast, too, because in our opinion this incident foreshadows the inevitable problems that open sourc
NCSC’s Ollie Whitehouse on surviving the "bugpocalypse"
In this edition of Risky Business Features Ollie Whitehouse, the CTO of the UK’s National Cyber Security Centre, joins Patrick Gray and James Wilson to talk about why “patch faster” will only get organisations so far in the face of the AI “bugpocalypse”.
As Ollie explains, organisations will need to reduce internet-facing attack surface and make better architecture
What a great agentic AI deployment plan looks like
In this podcast James Wilson and Brad Arkin workshop the advice they think the industry needs to hear when it comes to deploying agentic AI in the enterprise.
Relegating agentic AI to non-sensitive and low-risk tasks doesn’t deliver value, and avoiding all risk stalls progress. James and Brad discuss the phases of AI adoption and contrast what a great plan looks lik
Mythos smythos! How to find 0day with lesser models
In this podcast James Wilson chats with Niels Provos about his research into using older AI models to successfully hunt for 0day vulnerabilities. Niels has had a long and prolific career in cybersecurity, having worked as a Distinguished Engineer at Google and then heading up security at Stripe.
His interest in AI bug hunting was piqued recently when one of the Myth
Solving the AI agent identity problem
In this podcast James Wilson and Brad Arkin chat about emerging trends in AI agent identity and credential management. Brad was formerly the CISO of Adobe, Cisco and Salesforce, and is now working with all sorts of companies that are deploying AI.
With everyone now in at least a large-scale pilot of agentic AI, the issue of how to manage agent identities and credent
A deep dive on AI model distillation attacks
In this solo episode of Risky Business Features James Wilson explores how distillation techniques are both a legitimate way to train smaller models, as well as a way to steal model capabilities. It’s not just a problem for frontier labs! Any LLM-based product could have its competitive advantage stolen through these attacks.
James covers:
High-level concept of d
Feature Interview: Nicholas Carlini, Anthropic
In this episode, Anthropic’s Nicholas Carlini joins Patrick Gray and James Wilson to talk about advancements in AI-driven vulnerability research and exploit development.
Nicholas’ talk at the recent [un]prompted conference demonstrated how Anthropic’s Opus 4.6 could find and exploit vulnerabilities in popular open source projects. In the short few weeks since then,
A builder's perspective on Mythos and frontier models
In this episode, James Wilson is joined by entrepreneur and investor Yaniv Bernstein to discuss Anthropic’s Mythos through the lens of startups and growing businesses. Yaniv is Google’s former VP of Engineering, and is former VP Eng and COO at Airtasker. He’s now an investor and advisor to startups and he co-hosts The Startup Podcast.
Mythos and 0day: Fixing exploits is not safety
In this episode, James Wilson is joined by Brad Arkin who provides a CISO’s perspective on Anthropic’s Mythos. As former CISO at Adobe, Cisco and Salesforce, Brad’s perspective challenges the notion that finding and fixing exploits makes us safer.
Mythos and 0day: A hacker’s perspective
In this episode of Risky Business Features, James Wilson chats to professional hacker Jamieson O’Reilly about Anthropic’s Mythos and the impact it could have on offensive security. Jamieson is CEO of DVULN and co-founder of Aether AI. He’s been hacking into organisations for more than a decade, and knows a thing or two about combining AI and offensive security.
What happens after North Korea infiltrates?
In this episode, investigative journalist Geoff White joins James Wilson for a look into the complex machine that is North Korea’s IT worker infiltration scheme. They discuss the interview process, what happens once the workers are actually hired, how value is maximised for the regime, and how the money moves around. It’s even more diabolical than the headlines divul
Why CISOs need to be more flexible in the AI era
In this episode, James Wilson chats with Brad Arkin (former CISO of Adobe, Cisco and Salesforce) to talk about the mounting pressure that CISOs are under in the AI era. Attackers are operating at unprecedented scale, and internal users are adopting AI faster than security teams can keep up. This requires CISOs to bend on things that would have otherwise been a hard-n
A Risky Biz Experiment: Hunting for iOS 0day with AI
In this sort-of-solo episode, James Wilson is “joined” by one of his OpenClaw AI agents for a chat about whether or not an LLM can understand, modify or even create a sophisticated nation-state grade iOS exploit kit. Technically this podcast is James having a conversation with himself, but the exchange is illuminating. It turns out LLMs can really help with finding 0
Interview: Former NSA and CIA cyber leaders on offensive AI
In this interview you’ll hear former NSA executive Rob Joyce and former CIA cyber intelligence leader Andy Boyd talk to host Patrick Gray about how AI is changing the state of the art in offensive security.
Recorded in front of a live audience at the Decibel Oasis side event next door to the RSA Conference in San Francisco, the trio also talk about why a series of iOS e
When disaster strykes
In this episode of Risky Business Features, James Wilson and Brad Arkin discuss the attack that devastated medtech company Stryker. It turns out the attackers used Microsoft’s Intune to wipe the company’s devices, but what else could they have weaponised?
This podcast basically turned into an incident review of the Stryker incident. Enjoy!
MCP is Dead
James Wilson delivers his take on the state of the Model Context Protocol (MCP) in this solo episode of Risky Business Features. Despite MCP being the technology that made Large Language Models useful and AI Agents possible, the models have shown us they want to use something else instead. They want to use the shell directly, and that is going to have serious cyberse
They don't break in, they log in. What's an enterprise to do?
In this podcast James Wilson chats with Brad Arkin about how enterprises can better deal with attackers logging in with valid credentials. Stolen identities, weak special-use credentials, and over-scoped API keys are the new zero-day and they’re abundantly available to attackers. Sadly, the solution here isn’t as simple as deploying phishing resistant MFA. Fixing thi
A ridiculously deep dive into the Coruna Exploits
Join James Wilson in this solo podcast as he takes a (ridiculously) deep dive into the Coruna exploit kit. James was a software engineer and senior manager at Apple for many years, so he has an intimate knowledge of iOS internals. He even worked alongside the people who wrote the software that the Coruna kit exploits!
This long-form solo podcast follows the chain of
Being a wartime CISO
In this edition of Risky Business Features James Wilson chats with cohost Brad Arkin about what it’s like being a CISO for a global company when a war starts.
How do you deal with a branch office full of important key material being abandoned? What about cloud infrastructure that’s in a data centre that falls into enemy hands? And if your staff are okay, are any of
What to do about North Korean remote workers
In this podcast James Wilson chats with Brad Arkin about North Korea’s sprawling fake IT worker ecosystem. From fake interviews, to stolen identities, basement laptop farms and IP-KVM tricks, the North Koreans are operating a whole employment fraud industry.
Brad and James discuss how the scheme works in practice and the technical detection challenges defenders now
Former Adobe, Cisco and Salesforce CISO talks AI pentesting
In this debut feature conversation in the Risky Business Features feed James Wilson sits down with Brad Arkin, the former CSO of Adobe, Cisco, and Salesforce, to talk all about AI pentesting.
Finding and fixing bugs is great, but does it materially improve the overall security of a product? What’s the point of a pentest if the tester can’t walk you through their fin
History Repeats: Security in the AI Agent Era
AI agents are being deployed with the same trust-by-default architecture the early internet had. Same mistakes, MUCH faster timeline.
OpenClaw has hit 180K+ GitHub stars. But in the past week:
341 malicious skills on ClawHub were distributing Atomic Stealer
ZeroPath disclosed a Browser Relay vuln enabling cross-tab cookie theft
CrowdStrike, Cisco, and Bitdef