Department of Know: VoidLink threatens multi-cloud, flaw threatens Claude extension, China practices on infrastructure

Cybersecurity Headlines: Department of Know

Episode Date: February 17, 2026
Theme: Analyzing emerging multi-cloud threats, new AI and extension vulnerabilities, and the impact of evolving nation-state cyber activities on infrastructure resilience.

Episode Overview

This episode, hosted by Sarah Lane, features John Collins (Field CTO, Gigaom) and Adam Palmer (CISO, First Hawaiian Bank), exploring the rapidly transforming cybersecurity landscape. Main topics include:

The AI-generated VoidLink malware threatening multi-cloud environments
A high-risk flaw in Anthropic's Claude extension
How China's cyber range rehearsals are shifting attack preparedness and resilience
Ongoing debate about governance and policy lagging behind technology

Key Discussion Points & Insights

1. The "No or Know" Segment: Reacting to Current Threats

(Starts ~02:00)

SolarWinds Web Help Desk Vulnerabilities

Adam Palmer [02:29]: "Internet exposed internal administrative tools are a high risk... attackers reuse the trust relationship."
- Emphasizes exposure over brand—tools exposed to the internet are never really internal anymore.
John Collins [03:05]: Calls for broader reflection beyond SolarWinds—urges organizations to review every remote software package with internal access.

OpenClaw AI Agent Platform Vulnerabilities

John Collins [04:32]: "I think it's a not yet, if I'm honest ... It's more of a people thing than a technology thing."
- Warns that shadow AI risks are budding and need policy now, especially among dev teams.
Adam Palmer [05:20]: "Shadow AI is evolving faster than most security programs... focus should be bringing attention to visibility and governance."
- Stresses the speed at which ungoverned, powerful AI agents can proliferate inside organizations.

Intel TDX Vulnerabilities

Adam Palmer [07:14]: "Severity doesn't automatically equal urgency."
- Notes the importance of response context and that not all patched high-severity bugs are urgent for every org.
John Collins [08:06]: Relieved issues are patched upstream: "If this is literally, we found some stuff and we fixed it ... let's get on with our lives."

Google’s $32B Acquisition of Wiz (Cloud Security)

Adam Palmer [09:10]: Considers platform consolidation risks: "M&A can reshape risk quietly ... affects negotiation leverage and integrations."
John Collins [09:56]: Points out possible security architecture shifts if Google bundles Wiz’s kernel-based tools.

Notable Quote

"Market consolidation affects long-term platform dependencies and ... our negotiation leverage."
— Adam Palmer [09:10]

2. Deep Dive: Multi-Cloud Malware and AI-Generated Threats

(VoidLink segment starts ~12:40)

Context: VoidLink can persist across AWS, Azure, GCP, Alibaba, Tencent—using AI-written code, credential theft, and system fingerprinting.
AI-generated threat design: LLM-coded, little human review.

John Collins [13:08]:

"Everything’s moving faster than security policies and practices... any exploitable thing ... will be worked through one by one, very damn fast over the next six months. The velocity of this stuff is astounding." - Stresses urgent need for understanding software provenance and supply chain security.

Emphasizes that attackers are no longer limited by human speed—AI now enables methodical exploitation at scale.

Adam Palmer [14:39]:

"Attackers don’t care what cloud you’re in, they just care who they can impersonate. ... AI doesn’t make malware smarter, but it can make it cheaper and easier to produce." - Focuses on the efficiency and cross-cloud targetability of new malware.

Debate on Red Flags and Automation:

John Collins [16:09]: Reflects on the shift: “We’ve spent decades relying on attackers’ human limits... but now, every possible combination can be tried microsecond by microsecond.”
Describes a temporary “window” where attackers have more material than can be exploited—until automation closes that gap.

Adam Palmer [18:52]:

"The efficiency, the scale and the adaptation of attackers ... is likely to only increase." - Long-term concern is about malicious scalability, not just novelty.

3. Governance Gaps: Claude Extension Zero-Click Flaw

(Anthropic story ~20:45)

Flaw: Zero-click code execution on >10k Claude desktop extension users, triggered by malicious calendar events, no sandboxing.
Anthropic’s response: Declined to fix, says issue is outside threat model (it’s up to users to manage extension permissions).

John Collins [21:48]:

"Maybe contractually right, but ethically wrong... You can't just say, 'it's not the fault of the first system.'" - As integration and agentic approaches proliferate, vendors must assume responsibility for tool chaining risks.

Adam Palmer [23:25]:

"AI agents can't be treated like junior employees with superuser access... Automation without guardrails is really just accelerated risk." - Highlights the need for treating AI as privileged insiders with clear governance and monitoring.

Notable Quotes

"User consent alone is not what I would consider a sufficient threat model."
— Adam Palmer [23:25]

4. China’s Cyber Range Rehearsals: From Prevention to Resilience

(China cyber range segment ~24:35)

China uses the “Expedition Cloud” to simulate attacks on critical infrastructure across Asia, employing AI-driven automation.

Adam Palmer [25:29]:

"Cyber resilience is now part of national resilience... Focus shifts from perfect prevention to resilience, recovery, and coordination." - For organizations near military targets (like Hawaiian banks), cyber and geopolitical risks are intertwined.

Difference for Hawaii-based Institutions:

Adam Palmer [26:57]: "My threat landscape is the same as all the military operations that I share with..."
- Attacks against military targets are likely to “spill over” to local institutions due to network proximity.

Business-Critical Infrastructure Lessons (John Collins [28:06]):

"Not all infrastructure is national critical, but ask: what amounts to business critical? ... You can’t counter everything, but you can have a damn good think about the most likely attacks and how to mitigate or react to them." - Advocates for clear business continuity, disaster recovery (BCDR), and practical risk-register exercises.

5. Final Advice: Staying Ahead in a Rapidly Evolving Threat Landscape

(Advice wraps ~29:52)

John Collins [30:12]:

"The speed at which cyber is going to change over the next six months ... is staggering. You need speed of awareness, speed of action." - “Don’t be that guy” who ignores the oncoming wave—prepare now.

Adam Palmer [31:13]:

"Security is a trust function, not a technology stack. ... The CISOs that will be successful will be those who design trust and effective decision making into their programs." - "The future CISO should be and is a trust architect."

Notable Quotes & Memorable Moments

"Shadow AI is evolving faster than most security programs." – Adam Palmer [05:20]
"You can't just say ... it's not the fault of the first system. Everyone has to take some commit into that integration situation." – John Collins [21:48]
"Automation without guardrails is really just accelerated risk." – Adam Palmer [23:25]
"Cyber resilience is now part of national resilience." – Adam Palmer [25:29]
"Security is a trust function, not a technology stack." – Adam Palmer [31:13]
"Don’t be that guy, don’t be that girl ... Not only do you need to keep up to date, but you need speed of awareness, speed of action." – John Collins [30:12]

Segment Timestamps

| Segment/Topic | Timestamp | |--------------------------------------------------|------------| | Opening/CISO Priorities & Show Intro | 00:00–01:40| | No or Know: SolarWinds Web Help Desk | 02:00–03:50| | No or Know: OpenClaw AI Vulnerability | 03:49–06:25| | No or Know: Intel TDX Vulnerabilities | 06:25–08:31| | No or Know: Google Acquires Wiz | 08:31–11:15| | FEATURE: VoidLink AI-assisted Multi-cloud Malware| 12:40–19:27| | FEATURE: Claude Zero-Click Extension Vulnerability| 20:45–24:35| | FEATURE: China’s Cyber Range & National Resilience| 24:35–29:52| | Final Advice from Guests | 29:52–31:50|

Tone Summary

Insightful, practical, and candid — with both guests openly debating and agreeing the biggest concern is the accelerating gap between technological evolution and governance or policy adaptation. Repeated emphasis on the need for trust, governance, and practical risk response — not just technical fixes.

Takeaways for Security Leaders

Prepare for multi-cloud malware persistence at machine (not human) speed.
Do not rely solely on vendor boundaries or user consent—integrations expand your threat model.
Governance, risk prioritization, and trust-building are more vital than ever.
Shift focus: From pure prevention to resilience, especially amid nation-state activity.
Anticipate exponential change—act now, not later.

For full stories, insights, and links to guests, visit CISOseries.com.

Cybersecurity Headlines: Department of Know

Episode Overview

The AI-generated VoidLink malware threatening multi-cloud environments
A high-risk flaw in Anthropic's Claude extension
How China's cyber range rehearsals are shifting attack preparedness and resilience
Ongoing debate about governance and policy lagging behind technology

Key Discussion Points & Insights

1. The "No or Know" Segment: Reacting to Current Threats

(Starts ~02:00)

SolarWinds Web Help Desk Vulnerabilities

Adam Palmer [02:29]: "Internet exposed internal administrative tools are a high risk... attackers reuse the trust relationship."
- Emphasizes exposure over brand—tools exposed to the internet are never really internal anymore.
John Collins [03:05]: Calls for broader reflection beyond SolarWinds—urges organizations to review every remote software package with internal access.

OpenClaw AI Agent Platform Vulnerabilities

John Collins [04:32]: "I think it's a not yet, if I'm honest ... It's more of a people thing than a technology thing."
- Warns that shadow AI risks are budding and need policy now, especially among dev teams.
Adam Palmer [05:20]: "Shadow AI is evolving faster than most security programs... focus should be bringing attention to visibility and governance."
- Stresses the speed at which ungoverned, powerful AI agents can proliferate inside organizations.

Intel TDX Vulnerabilities

Adam Palmer [07:14]: "Severity doesn't automatically equal urgency."
- Notes the importance of response context and that not all patched high-severity bugs are urgent for every org.
John Collins [08:06]: Relieved issues are patched upstream: "If this is literally, we found some stuff and we fixed it ... let's get on with our lives."

Google’s $32B Acquisition of Wiz (Cloud Security)

Adam Palmer [09:10]: Considers platform consolidation risks: "M&A can reshape risk quietly ... affects negotiation leverage and integrations."
John Collins [09:56]: Points out possible security architecture shifts if Google bundles Wiz’s kernel-based tools.

Notable Quote

"Market consolidation affects long-term platform dependencies and ... our negotiation leverage."
— Adam Palmer [09:10]

2. Deep Dive: Multi-Cloud Malware and AI-Generated Threats

(VoidLink segment starts ~12:40)

Context: VoidLink can persist across AWS, Azure, GCP, Alibaba, Tencent—using AI-written code, credential theft, and system fingerprinting.
AI-generated threat design: LLM-coded, little human review.

John Collins [13:08]:

"Everything’s moving faster than security policies and practices... any exploitable thing ... will be worked through one by one, very damn fast over the next six months. The velocity of this stuff is astounding." - Stresses urgent need for understanding software provenance and supply chain security.

Emphasizes that attackers are no longer limited by human speed—AI now enables methodical exploitation at scale.

Adam Palmer [14:39]:

"Attackers don’t care what cloud you’re in, they just care who they can impersonate. ... AI doesn’t make malware smarter, but it can make it cheaper and easier to produce." - Focuses on the efficiency and cross-cloud targetability of new malware.

Debate on Red Flags and Automation:

John Collins [16:09]: Reflects on the shift: “We’ve spent decades relying on attackers’ human limits... but now, every possible combination can be tried microsecond by microsecond.”
Describes a temporary “window” where attackers have more material than can be exploited—until automation closes that gap.

Adam Palmer [18:52]:

"The efficiency, the scale and the adaptation of attackers ... is likely to only increase." - Long-term concern is about malicious scalability, not just novelty.

3. Governance Gaps: Claude Extension Zero-Click Flaw

(Anthropic story ~20:45)

Flaw: Zero-click code execution on >10k Claude desktop extension users, triggered by malicious calendar events, no sandboxing.
Anthropic’s response: Declined to fix, says issue is outside threat model (it’s up to users to manage extension permissions).

John Collins [21:48]:

"Maybe contractually right, but ethically wrong... You can't just say, 'it's not the fault of the first system.'" - As integration and agentic approaches proliferate, vendors must assume responsibility for tool chaining risks.

Adam Palmer [23:25]:

"AI agents can't be treated like junior employees with superuser access... Automation without guardrails is really just accelerated risk." - Highlights the need for treating AI as privileged insiders with clear governance and monitoring.

Notable Quotes

"User consent alone is not what I would consider a sufficient threat model."
— Adam Palmer [23:25]

4. China’s Cyber Range Rehearsals: From Prevention to Resilience

(China cyber range segment ~24:35)

China uses the “Expedition Cloud” to simulate attacks on critical infrastructure across Asia, employing AI-driven automation.

Adam Palmer [25:29]:

"Cyber resilience is now part of national resilience... Focus shifts from perfect prevention to resilience, recovery, and coordination." - For organizations near military targets (like Hawaiian banks), cyber and geopolitical risks are intertwined.

Difference for Hawaii-based Institutions:

Adam Palmer [26:57]: "My threat landscape is the same as all the military operations that I share with..."
- Attacks against military targets are likely to “spill over” to local institutions due to network proximity.

Business-Critical Infrastructure Lessons (John Collins [28:06]):

"Not all infrastructure is national critical, but ask: what amounts to business critical? ... You can’t counter everything, but you can have a damn good think about the most likely attacks and how to mitigate or react to them." - Advocates for clear business continuity, disaster recovery (BCDR), and practical risk-register exercises.

5. Final Advice: Staying Ahead in a Rapidly Evolving Threat Landscape

(Advice wraps ~29:52)

John Collins [30:12]:

"The speed at which cyber is going to change over the next six months ... is staggering. You need speed of awareness, speed of action." - “Don’t be that guy” who ignores the oncoming wave—prepare now.

Adam Palmer [31:13]:

"Security is a trust function, not a technology stack. ... The CISOs that will be successful will be those who design trust and effective decision making into their programs." - "The future CISO should be and is a trust architect."

Notable Quotes & Memorable Moments

"Shadow AI is evolving faster than most security programs." – Adam Palmer [05:20]
"You can't just say ... it's not the fault of the first system. Everyone has to take some commit into that integration situation." – John Collins [21:48]
"Automation without guardrails is really just accelerated risk." – Adam Palmer [23:25]
"Cyber resilience is now part of national resilience." – Adam Palmer [25:29]
"Security is a trust function, not a technology stack." – Adam Palmer [31:13]
"Don’t be that guy, don’t be that girl ... Not only do you need to keep up to date, but you need speed of awareness, speed of action." – John Collins [30:12]

Segment Timestamps

Tone Summary

Takeaways for Security Leaders

Prepare for multi-cloud malware persistence at machine (not human) speed.
Do not rely solely on vendor boundaries or user consent—integrations expand your threat model.
Governance, risk prioritization, and trust-building are more vital than ever.
Shift focus: From pure prevention to resilience, especially amid nation-state activity.
Anticipate exponential change—act now, not later.

For full stories, insights, and links to guests, visit CISOseries.com.

wavePod

Powered by Wave AI

Summary

Cybersecurity Headlines: Department of Know

Episode Overview

Key Discussion Points & Insights

1. The "No or Know" Segment: Reacting to Current Threats

Notable Quote

2. Deep Dive: Multi-Cloud Malware and AI-Generated Threats

3. Governance Gaps: Claude Extension Zero-Click Flaw

Notable Quotes

4. China’s Cyber Range Rehearsals: From Prevention to Resilience

5. Final Advice: Staying Ahead in a Rapidly Evolving Threat Landscape

Notable Quotes & Memorable Moments

Segment Timestamps

Tone Summary

Takeaways for Security Leaders

Summary

Cybersecurity Headlines: Department of Know

Episode Overview

Key Discussion Points & Insights

1. The "No or Know" Segment: Reacting to Current Threats

Notable Quote

2. Deep Dive: Multi-Cloud Malware and AI-Generated Threats

3. Governance Gaps: Claude Extension Zero-Click Flaw

Notable Quotes

4. China’s Cyber Range Rehearsals: From Prevention to Resilience

5. Final Advice: Staying Ahead in a Rapidly Evolving Threat Landscape

Notable Quotes & Memorable Moments

Segment Timestamps

Tone Summary

Takeaways for Security Leaders