Risky Business #824 – Microsoft's "Secure Future" Looks Wobbly
Date: February 11, 2026
Host: Patrick Gray
Panel: Adam Boileau, James Wilson
Episode Overview
This episode unpacks another week dense with cybersecurity news, focusing largely on major changes at Microsoft’s security leadership and the broader implications for the company's "Secure Future Initiative." Adam Boileau brings his trademark skepticism to bear on Microsoft’s new moves, while James Wilson joins to dissect the buzz around Anthropic’s AI-generated C compiler and broader trends in AI security research. The show rounds up a flurry of global cyberattacks, ongoing vulnerabilities, state threat actors, deepfake scams, and operational shifts in defensive infrastructure.
Key Discussion Points & Insights
1. Microsoft’s Security Leadership Shuffle and the Secure Future Initiative
- Major Changes: Charlie Bell (previously security EVP, with a technical/engineering pedigree) moves to a quality engineering role; Hayet Galot (engineering and sales background) takes over security.
- Skepticism Over Commitment: Hosts express doubts that this shift is serious about improving security, speculating the focus is now on selling more security products rather than addressing Microsoft’s security challenges.
- Patrick Gray (01:16): “It looks certainly more like that role is about figuring out how to sell more security products than actually trying to make Azure suck less.”
- Institutional Memory: References to Microsoft’s “boom and bust” cycles over security, recalling prior efforts like "Trustworthy Computing."
- Technical Moves: Microsoft’s move toward app-style consent prompts in Windows (permissions requested per app, as on mobile platforms) is highlighted as positive but hard to get right, with the UAC experience as a cautionary precedent for how such a model can fall short.
Notable Quote
“Being skeptical is well-warranted... We have been through Microsoft’s boom and bust cycle of taking security seriously or not, you know, a few times now.”
— Adam Boileau (02:39)
2. Secure Boot Certificate Expirations & Patch Tuesday
- Secure Boot Certs: Legacy certificates expiring won’t cripple most devices, since UEFI firmware does not enforce certificate validity dates when it verifies a boot binary; the complication is for outdated or non-Windows systems that never get the replacement certificates enrolled and so stop receiving newly signed boot components. Embedded systems are likely unaffected for the same reason.
- Patch Tuesday Surge: Six vulnerabilities actively exploited, up sharply from previous months. Of particular interest is a Microsoft Office vulnerability exploited by Russian APTs against Ukrainian targets, hitting unsupported Office 2016 environments especially hard.
Notable Quote
“It’s not as bad as it sounds... not a disaster that I would love because we’re all about things burning horribly down. But it’s still—crypto is hard.”
— Adam Boileau (06:31)
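As an added example (not from the episode, and not Microsoft’s or any vendor’s tooling), the check a practitioner would want after that segment: a stdlib-only Python script that walks an EFI_SIGNATURE_LIST blob such as the Secure Boot db, reads each X.509 entry’s Validity field, and reports which signing certificates are already past notAfter. Because the firmware itself ignores those dates, an expired CA still boots what it already signed; the useful question is whether newer signing certificates are enrolled next to the old ones, which the same inventory shows. The efivars path and the 4-byte attribute prefix are real Linux behaviour; the sample certificates, their dates and the all-zero owner GUID are constructed for the demonstration, and nothing here verifies a signature.

```python
"""Inventory the X.509 certificates in a UEFI Secure Boot signature database
(db or KEK) and flag entries whose notAfter date has passed.

On Linux the live db is readable at
/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f; skip the
first 4 bytes (variable attributes) before handing the rest to parse_esl().
Stdlib only. The DER walk is the minimum needed to reach the Validity field,
not a general X.509 parser, and no signatures are verified.
"""
import struct
import uuid
from datetime import datetime, timezone

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")


def parse_esl(blob):
    """Yield (signature_type, owner, data) for each entry in a chain of
    EFI_SIGNATURE_LIST structures (16-byte GUID + three little-endian u32s)."""
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end


def _der_tlv(buf, off):
    """Decode one DER tag/length; return (tag, value_start, value_end)."""
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:                                   # long-form length
        n = ln & 0x7F
        ln, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + ln


def _der_children(buf, start, end):
    """Yield the TLVs nested directly inside a constructed element."""
    off = start
    while off < end:
        tag, vs, ve = _der_tlv(buf, off)
        yield tag, vs, ve
        off = ve


def _asn1_time(tag, raw):
    # RFC 5280: UTCTime (0x17) is YYMMDDHHMMSSZ, GeneralizedTime (0x18) is YYYYMMDDHHMMSSZ.
    # strptime's %y pivot (00-68 -> 20xx) agrees with RFC 5280 for the years that matter here.
    fmt = {0x17: "%y%m%d%H%M%SZ", 0x18: "%Y%m%d%H%M%SZ"}[tag]
    return datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)


def cert_validity(der):
    """Return (notBefore, notAfter) as UTC datetimes from a DER certificate."""
    _, cs, _ = _der_tlv(der, 0)                     # Certificate ::= SEQUENCE
    _, ts, te = _der_tlv(der, cs)                   # tbsCertificate ::= SEQUENCE
    fields = list(_der_children(der, ts, te))
    if fields[0][0] == 0xA0:                        # optional [0] EXPLICIT version
        fields = fields[1:]
    _, vs, ve = fields[3]                           # serial, signature, issuer, validity
    return tuple(_asn1_time(t, der[s:e]) for t, s, e in _der_children(der, vs, ve))


def expired_certs(blob, now):
    """List (owner, notAfter) for X.509 entries already expired at `now`
    (an aware datetime or an ISO-8601 date string, taken as UTC)."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now).replace(tzinfo=timezone.utc)
    hits = []
    for sig_type, owner, data in parse_esl(blob):
        if sig_type != EFI_CERT_X509_GUID:           # hash entries have no lifetime
            continue
        _, not_after = cert_validity(data)
        if not_after < now:
            hits.append((owner, not_after))
    return hits


# --- constructed sample input (no real Microsoft certificates embedded) ---

def _der(tag, body):
    """Encode one DER TLV; the sample bodies are all below 256 bytes."""
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x81" + bytes([n])) + body


def fake_cert(not_before, not_after):
    """Unsigned stand-in with the X.509 field layout; only Validity is meaningful.
    Dates are ISO-8601 strings, e.g. "2025-12-31"."""
    utc = lambda s: _der(0x17, datetime.fromisoformat(s).strftime("%y%m%d%H%M%SZ").encode())
    alg = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
    name = _der(0x30, b"")                                               # empty Name
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),             # version v3
        _der(0x02, b"\x01"),                         # serialNumber
        alg, name,                                   # signature, issuer
        _der(0x30, utc(not_before) + utc(not_after)),
        name, _der(0x30, b""),                       # subject, subjectPublicKeyInfo
    ]))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00"))


def build_esl(cert_der, owner=uuid.UUID(int=0)):
    """Wrap one certificate in an EFI_SIGNATURE_LIST (placeholder owner GUID)."""
    sig = owner.bytes_le + cert_der
    return EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(sig), 0, len(sig)) + sig


if __name__ == "__main__":
    db = build_esl(fake_cert("2011-01-01", "2025-12-31")) + build_esl(fake_cert("2023-01-01", "2038-01-01"))
    for owner, when in expired_certs(db, "2026-02-11"):
        print("expired:", owner, when.date())
```

Against a real db the same loop also prints the hash-only entries parse_esl yields, so drop the `continue` if you want a full listing; on the constructed sample only the 2011-dated stand-in is reported, while the 2038-dated one next to it is what an up-to-date machine should show alongside its legacy entries.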
3. State-Backed Attacks and Global Campaigns
- Russia: Cyberattacks pre-Winter Olympics have limited real impact—possibly more for internal Russian KPIs (“please justify our budget for next year”). Links drawn to patterns seen elsewhere.
- China: Multiple large-scale campaigns uncovered, highlighting both scale (“China going large at this stuff”) and diversity of activity across many independently-operating groups (including Salt Typhoon, UNC3886).
- Europe: Various nations (Norway, Netherlands, EU) hit by Chinese-linked exploits, often via Ivanti vulnerabilities.
- Singapore: Targeted attacks at telcos via UNC3886, consistent with China’s strategic positioning.
Notable Quote
“...it’s just, look at us, look how cyber we are, you know, please justify our budget for next year kind of thing.”
— Adam Boileau (11:12)
4. Critical Infrastructure & Defensive Maneuvering
- Telnet Filtering: GreyNoise Labs observed a dramatic drop in Telnet traffic ahead of a vulnerability disclosure, suggesting proactive filtering by major backbone providers for the greater good, echoing the post-Slammer/Blaster era shift toward filtering worm traffic at the network edge.
- Reflections on ISP Attitudes: The hosts reminisce about the early days’ “do not drop packet” culture and how practicality has prevailed with ISPs now filtering dangerous protocols.
Notable Quote
“Job is deliver packet. Right. Even if packet bad, packet must be delivered. So it is a sign of how much things have changed.”
— Patrick Gray (19:05)
5. Vulnerabilities & Exploits
- SolarWinds & Help Desk Bugs: Ongoing exploitation of SolarWinds Web Help Desk vulnerabilities is described as “run of the mill,” but the attackers’ tooling is lauded as “cloud native” and adaptive.
- Ivanti & BeyondTrust: Ongoing active exploitation by capable actors. The BeyondTrust flaws hinge on a clever bash command-injection trick that Unix hands will want to read up on.
Notable Quote
“If you have Beyond Trust, get patching. If you are a Unix hacker, this particular bash trick is absolutely worth reading about.”
— Adam Boileau (29:43)
6. Anthropic's AI-Powered C Compiler - Reality Check
- Hype vs Reality: Anthropic’s Claude generated a C compiler capable of building the Linux kernel, yet it stumbles on elementary cases like “Hello World”, which demonstrates both the progress and the limitations.
- James Wilson's Take: It’s an interesting technical demo of multi-agent orchestration rather than a sign that AI has “solved” compiler construction.
- James Wilson (30:43): “It’s a compiler... but it's far from a general purpose compiler that you can throw any properly formatted code at and expect it to work with.”
- AI Security Research Parallel: Investigation into the real capabilities of AI-generated tools and automations—oscillating between “astonishing” and “underwhelming” depending on context and implementation.
Notable Quote
“The deeper story there is... these models know how to create something that works, but they won’t create something that works that won’t be susceptible to attack unless you actually go a whole lot of extra yards to bake that in.”
— James Wilson (35:27)
7. AI in Security: Aisle’s Research & Industry Trajectory
- Two Tracks in AI Usage: Real, substantive research leading to upstream contributions and “low value” bug bounty chasing via basic prompt stuffing—both present in the AI security landscape.
- State of the Art: Rapid progress means opinions “from last week” go stale quickly; constant reevaluation needed.
- James Wilson's Perspective: The key advancement is agents that work together and endless iteration via tool use—but the big open problem remains: generating code and systems that are secure by default, not just functional.
Notable Quote
“Everything is moving very, very quickly. And even opinions from last week... need to be reevaluated.”
— Adam Boileau (34:40)
8. Deepfake & Social Engineering Attacks
- North Korean Activity: Deepfake Zoom calls with cryptocurrency executives, with staged audio “malfunctions” used as the pretext to get targets to install malware.
- Implications: The very last mechanisms for trust (video, audio) are being eroded. Future-proofing identity verification in business contexts is a pressing, unsolved problem.
- Commercial Opportunities & Research: Notably, startups and security vendors racing to establish robust remote attestation and digital identity frameworks.
Notable Quote
“It’s going to be a wild ride for a few years whilst we figure out how to do distributed network identity.”
— Adam Boileau (26:32)
9. Comedy & Tragedy: Crypto Exchange Blunder and Policy Woes
- Comedy: South Korean crypto exchange Bithumb mistakenly handed out $40B worth of Bitcoin to customers (the intent was a minuscule promotional reward). They recovered 99% but still lost $120M.
- Tragedy: U.S. Section 702 (surveillance provision) renewal drama continues, with endless political brinksmanship and “perma-panic.”
Notable Quotes
“We’ve all made mistakes at work, but $40 billion worth of Bitcoin? Whoopsie.”
— Patrick Gray (38:33)
“This is the story that just never will die... it's back. It's back.”
— Patrick Gray (38:53)
10. Sponsor Interview: The Future of AI in Security (Brandon Dixon, ENT AI)
[42:43–55:34]
- Dixon argues that today’s “AI SOC” efforts miss the deeper opportunity—AI’s real value is in building human-like context awareness at the endpoint.
- Embeddings, natural language processing, and context-rich telemetry can let AI continually model and explain why behaviors are risky or benign, not just detect patterns.
- This could lead to a “Gen 3” of endpoint security: autonomous, contextual, proactive, with proper guardrails—rather than layering more AI atop existing, incomplete models.
Notable Quotes
“The endpoint as the holy grail of context... the greatest opportunity to intervene and stop somebody from doing something before that bad thing can occur.”
— Brandon Dixon (43:56)
"It creates a new paradigm for how detection can be performed..."
— Brandon Dixon (48:39)
Timestamp Guide to Major Segments
- Microsoft’s Security Leadership Changes: 00:50–04:28
- Secure Boot & Patch Tuesday: 05:29–10:17
- Russia/Olympics Attacks & Attribution: 10:31–12:25
- Wide-Ranging Chinese Campaigns: 12:48–16:58
- Telnet Filtering/Defensive Infrastructure: 16:58–21:15
- Intel/Google Confidential VM Research: 21:15–23:39
- SolarWinds/Cloud Native Hacking: 23:39–25:22
- Ivanti & Ongoing Exploitation: 25:22–25:53
- North Korean Deepfake Scam: 25:53–28:49
- BeyondTrust Bash Injection: 28:49–29:43
- Anthropic AI Compiler Analysis: 29:43–32:38
- AI Security Research State-of-the-Art: 32:38–36:32
- Crypto Exchange Blunder (BitThumb): 37:10–38:53
- Section 702 Policy Wrangles: 38:53–39:45
- Sponsor Interview with Brandon Dixon: 42:43–55:34
Tone & Style
- Wry, skeptical, fast-paced, and “no waffle”
- Frequent sarcasm and dry humor, especially around bureaucratic moves and “silver bullet” claims in security.
- Strong attention to the nuances of leadership impact, rather than just technical fixes.
- Candid about uncertainty (“the proof will be in the pudding”), and admirably humble about the speed of technological change.
Summary Takeaway
This episode of Risky Business threads the needle between resigned skepticism about big vendor promises (especially from Microsoft) and cautious optimism around the rapid evolution of AI in security, showing both the strengths and the limitations of automated solutions. With global threat activity ramping up, deepfakes becoming operationalized, and defenders forced to rely on defense-in-depth and smart filtering, the security landscape remains as precarious—and as “risky”—as ever.
Notable Quotes Quick Reference
- “It looks certainly more like that role is about figuring out how to sell more security products than actually trying to make Azure suck less.” — Patrick Gray (01:16)
- “Being skeptical is well-warranted... We have been through Microsoft’s boom and bust cycle of taking security seriously or not, you know, a few times now.” — Adam Boileau (02:39)
- “The deeper story there is... these models know how to create something that works, but they won’t create something that works that won’t be susceptible to attack unless you actually go a whole lot of extra yards to bake that in.” — James Wilson (35:27)
- "We've all made mistakes at work, but $40 billion worth of Bitcoin? Whoopsie." — Patrick Gray (38:33)
- "It’s going to be a wild ride for a few years whilst we figure out how to do distributed network identity.” — Adam Boileau (26:32)
For cybersecurity professionals or anyone following digital risk, this episode is a sharp digest of the week’s biggest infosec themes—delivered with candor, wit, and technical acumen.
