Safe Mode Podcast

Greg Otto talks with Andrew Carney, project manager at DARPA, about the AIxCC competition. With the finals set to be held in August during DEF CON, they discuss how these autonomous systems fared in detecting and remediating vulnerabilities, as well as the key lessons learned from live exercises and the semifinals. The conversation highlights DARPA's vision to merge formal software engineering with large language models to dramatically reduce software vulnerabilities and explains the scientific and engineering advances still needed to achieve this goal at scale. We also examine the challenges of safeguarding critical infrastructure, particularly when so much depends on open-source projects maintained by volunteers, and consider the impact of AI on patch deployment, code verification, and sustainable defense. In the reporter chat, Greg talks with Matt Kapko about a story debunking the 16 billion password hack.

Greg Otto talks with RSA CEO Rohit Ghai on the global shift toward passkeys and passwordless authentication. Together, they explore pressing issues including the differences between consumer and enterprise solutions, infrastructure vulnerabilities, regulatory challenges, and how emerging threats are evolving as passwordless adoption accelerates. The discussion also covers the complexities practitioners face as they navigate credential transitions in a rapidly changing security landscape. In the reporter chat, Greg talks with Matt Kapko about the attack on a top grocery distributor in the United States.

Greg Otto talks with Eran Barak, CEO and co-founder of MIND, on the dramatic rise of insider threats in cybersecurity, exploring recent high-profile cases and the factors fueling this surge. He discusses which industries and data types are most at risk, how insider tactics have evolved, and practical strategies for organizations to detect and prevent internal threats. In our reporter chat, Greg talks with Derek Johnson on how vibe coding can be secure as it grows into a practice that software developers rely on for their work. LINK: https://cyberscoop.com/vibe-coding-ai-cybersecurity-llm/

Greg Otto talks with Rob Ragan, Principal Technology Strategist at Bishop Fox, as he shares his vision of building an “Iron Man suit” for human security testers that is shaping how AI is used in offensive cybersecurity. Rob dives into lessons learned from developing adaptive AI tools, the unique challenges and risks facing modern AI systems, and effective strategies for safeguarding against adversarial attacks and data leakage. Discover how ethical frameworks, innovation, and industry collaboration can drive responsible offensive security, what organizations often get wrong about AI threats, and what’s needed to secure the future as AI transforms the cybersecurity landscape. In our reporter chat, Greg Otto talks with Matt Kapko about a new wave of zero-days impacting Ivanti products.

In this episode, Greg sits down with Olivia Rose, Founder and CISO of the Rose CISO Group, to talk about her role in "CISO: The Worst Job I Ever Wanted," a groundbreaking cybersecurity docuseries that reveals the real experiences of Chief Information Security Officers. This podcast uncovers the pressures, sleepless nights, and personal sacrifices these leaders endure while making critical decisions and shouldering the responsibility of defending the digital world. Through honest and compelling stories, listeners gain a rare glimpse into the human side of one of the most challenging and misunderstood roles in technology. In our reporter chat, Greg Otto talks with Derek Johnson and Tim Starks about their deep dives into why Salt Typhoon may never be out of U.S. telecom systems.

In this episode, Greg sits down with Semperis CEO Mickey Bresman to explore how organizations can proactively prepare for cyber crises before they strike. The conversation centers on the power of tabletop exercises—simulated attack scenarios that test response plans, reveal hidden vulnerabilities, and build muscle memory across teams. Together, Greg and Mickey discuss why preparation is far more than a technical checklist, how effective tabletop exercises bridge the gap between policy and real-world action, and what practical steps leaders can take to protect their organizations from the inside out. In our reporter chat, Greg Otto talks with Cynthia Brumfield about the future of the CVE program.

In this episode, we sit down with Dave Merkel, CEO of Expel to take an honest, practical look at how AI and automation are reshaping the modern Security Operations Center (SOC). Our discussion covers the most tangible changes in daily SOC operations since AI adoption, cutting through industry hype to reveal which claims deserve skepticism and which use cases have delivered meaningful, measurable value. Dave also gives insights into quantifying unique workloads, shaping policies, and fostering understanding between tech teams and business leaders are also addressed, along with the unintended risks AI can introduce to analyst workflows. In our reporter chat, Greg Otto talks with Tim Starks about a jury verdict that compels NSO Group to pay $168M in damages to WhatsApp over spyware infections.

In this episode, Greg talks with Alexander Leslie, Threat Intelligence Analyst for Recorded Future’s Insikt Group and his research on “Marko Polo” – a notorious cybercriminal empire that orchestrates an array of scams, primarily using infostealer malware. Discover how this sophisticated syndicate has victimized tens of thousands worldwide and raked in millions in illicit revenue. Our guest breaks down the inner workings of these elusive "traffer teams," exploring their adaptable tactics, relentless persistence, and the insidious underground economy they fuel. Greg Otto breaks down his biggest takeaways from the RSAC 2025 Conference.

In this discussion, Alex Pinto, Associate Director of Threat Intelligence at Verizon Business and lead author of the Data Breach Investigations Report, shares vital insights on alarming cybersecurity trends. He highlights a staggering 44% of breaches involving ransomware and discusses the surge in exploited vulnerabilities and zero-day attacks, particularly affecting small and mid-sized businesses. Alongside him, Derek Johnson from CyberScoop dives into security challenges posed by OpenAI's latest GPT model, emphasizing the need for robust testing and risk management.

In this episode, Greg talks with Will Pearce, CEO and Co-founder of Dreadnode about the rapidly evolving field of offensive AI security. Greg and Will discuss the unique challenges researchers face in testing AI models for vulnerabilities compared to traditional software, unveiling how adversarial attacks impact AI security and the ethical considerations at play. We also examine the role of regulatory frameworks and emerging threats, shedding light on how insights from offensive AI security can enhance human-AI interactions and elevate security standards across industries. In our reporter chat, Greg talks with Matt Kapko on Ivanti’s issues with security in their network edge devices.