Google DeepMind: The Podcast Beyond Phishing: Cyber Threats in the Age of AI with Four Flynn
92 snips
Oct 9, 2025 Paul Flynn, Vice President of Security at Google DeepMind, shares his insights on the evolving landscape of AI-driven cyber threats. He discusses the infamous Operation Aurora and the shift from server-side to client-side attacks, emphasizing the need for zero trust practices. Flynn highlights how LLMs can create polymorphic malware and risks like prompt injection. He also introduces initiatives like Project Big Sleep, which uses AI to discover vulnerabilities, and Project Mender for automating secure patches, showcasing Google's unique position in enhancing cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Operation Aurora’s High-Stakes Response
- Paul Flynn recounts Operation Aurora as a watershed moment where a nation-state attacked Google via a browser exploit combined with phishing.
- He describes frantic holiday forensic work and long team efforts to evict attackers and harden systems.
From Castle Walls To Zero Trust
- Client-side attacks shifted the threat from well-defended servers to users' devices and software.
- This change drove the move from perimeter security to zero trust and defending the user as the primary boundary.
Adopt Assume-Breach Practices
- Assume breach and hunt proactively for intruders rather than relying solely on detection tools.
- Deploy measures like threat hunts and unfishable hardware tokens to reduce account takeover risk.