Risky Business #831 — The AI Bugpocalypse Begins
Risky Business Media | April 1, 2026
Episode Overview
This episode explores the tumult of recent supply chain attacks, the emergence of AI-driven vulnerability discovery ("the AI bugpocalypse"), and the chaotic security landscape facing organizations worldwide. The hosts—Patrick Gray, Adam Boileau, and James Wilson—discuss major attacks, the accelerating impact of generative AI on exploit development, and how defenders can hope to cope. The show also features an interview with Ed Wu, founder of Dropzone, on the logic and development of AI-powered, pre-canned threat hunting.
Key Topics & Discussion Points
1. Axios Supply Chain Attack: North Korean Operation
[00:00–05:32]
- Axios—a popular JavaScript HTTP library with ~100 million weekly downloads—was trojanized by North Korean actors.
- Attackers introduced a new dependency ("plain-crypto-js") into Axios, then pushed malicious "latest" and "legacy" versions, dropping backdoors and credential stealers.
- The hosts discuss how detection was evaded. It remains unclear how the Axios maintainer’s credentials were compromised despite MFA:
- James: “I've got two FA and MFA on practically everything, yet still this cred got out.” [04:04]
- Patrick: “Sounds like…some sort of browser token to me, right?” [04:24]
- Even "OIDC trusted publishing" safeguards were bypassed due to a misconfigured preference for old npm tokens.
Notable Moment
- James: “They published…both a latest and a legacy to get maximum coverage…The way they did it is kind of cool.” [03:16]
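Added example (not from the episode or the Axios project): a lockfile check for the injected dependency named above. It assumes npm's package-lock.json layout; the sample lockfile and its version strings are constructed placeholders.

```javascript
// Package name taken from the episode notes; everything else here is illustrative.
const SUSPECT = "plain-crypto-js";

// Report where `name` is installed in a parsed package-lock.json and which
// packages declare it, so the path that pulled it in is visible.
function findSuspect(lock, name = SUSPECT) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Exact match on the last path segment, so "crypto-js" is not flagged.
      if (path.split("node_modules/").pop() === name) {
        hits.push({ kind: "installed", path, version: meta.version });
      }
      const declared = { ...meta.dependencies, ...meta.optionalDependencies };
      if (name in declared) {
        hits.push({ kind: "declared-by", path: path || "(root)", range: declared[name] });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree with "requires" maps.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = [...trail, dep].join(" > ");
      if (dep === name) hits.push({ kind: "installed", path: here, version: meta.version });
      if (meta.requires && name in meta.requires) {
        hits.push({ kind: "declared-by", path: here, range: meta.requires[name] });
      }
      walk(meta.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "*" } },
    "node_modules/axios": { version: "0.0.0-example", dependencies: { "plain-crypto-js": "*" } },
    "node_modules/plain-crypto-js": { version: "0.0.0-example" },
    "node_modules/crypto-js": { version: "0.0.0-example" },
  },
};

console.log(findSuspect(sampleLock));
```

A hit shows only that the package is in the resolved tree; these notes give no affected version numbers, so check matches against the official advisory.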
2. Team PCP Fallout: Massive Cisco Exposure after Trivy/Checkmarx Attacks
[05:32–08:48]
- Team PCP, previously responsible for large-scale supply chain attacks on Trivy and Checkmarx, used credentials harvested from those events to compromise around 300 Cisco GitHub repositories, leaking AWS keys among other material.
- The sheer scale and variety of affected products is alarming:
- Patrick: “It feels like it's literally lock, stock, the lot, the kitchen sink and everything out of Cisco.” [06:02]
- While direct impact is not fully known, the exposure of source code and credentials is likely to lead to secondary exploits and greater scrutiny of old, fragile codebases.
- Adam: “Cisco gear across their product range is everywhere and anything that exposes the gubbins of that is going to result in bugs shaking out…” [07:44]
3. The Dawn of the AI Bugpocalypse: AI Outperforms Human Researchers
[08:48–25:26]
Anthropic’s Claude Finds Previously-Unknown Vulns
[10:06–12:23]
- Internal research by a former Anthropic employee demonstrated that the Claude language model could trivially discover new, significant vulnerabilities—including a blind SQLi in Ghost (Risky Business’ newsletter platform) and kernel bugs—with a shockingly simple prompt.
- James: “Is that it?...It's incredible, right? The dawn of a new era.” [10:06–10:24]
- Guardrails did prevent Claude from directly generating weaponized exploits, but detailed explanations and "safe" PoC code were easily accessible.
- James: “Claude has a hard guardrail on creating malicious code…but it's happy to talk about how to do it till the cows come home.” [11:12]
Discussion on AI's Disruptive Impact
[12:23–14:58]
- Widespread view among hosts that AI is dramatically accelerating vuln research and exploit development, eliminating the bottleneck of human bandwidth—especially for lower-tier or neglected code.
- Adam: “The state of the art…is moving really quick…against most software, that’s more than you need.” [12:23]
- Patrick: “Ten bucks in tokens…versus 40…and days of work…” [14:07]
- Notable quote:
- Patrick: “I feel like Daobot 3000 is probably closer than we think.” [14:07]
Rain of Bugs—Vim, Emacs, FreeBSD
[15:54–17:03]
- On social media, vulnerability hunters found new bugs in vim and even emacs by simply prompting Claude; similar results reported in FreeBSD code. The simplicity and success rate are alarming.
- James: “It feels like you could sit down with any code base at the moment via the simple prompt…and you’re going to find interesting stuff. It’s wild.” [15:54]
4. Experiment: Podcasting with an AI Security Researcher
[16:38–22:06]
- James recorded a novel "interview" episode with Claude (via voice interface), collaboratively exploring WebKit vulnerabilities and attempting to re-create exploit components.
- AI refused to write exploit code but handed over highly actionable technical explanations.
- Patrick: “It didn’t write exploit code, but it certainly gave you enough…to…turn you into an exploit writer, basically.” [19:35]
- Adam: “If you’re already an exploit writer, that’s going to get you. So it’s such a force multiplier. And that’s pretty scary. It’s hella cool, but also kind of scary.” [21:41]
5. How Long Will This "Insane" Period Last?
[22:06–25:26]
- High-profile leaders (Mandia, Stamos, Morgan Adamski, Rob Joyce) warn that attacking and defending with AI will make coming years "insane."
- Hosts argue this turbulent period will last far longer—due to patching inertia and legacy systems:
- Adam: “There’s a long tail of old tech and a long tail of industries…where patching at all is still new.” [23:29]
- Patrick: “People will tolerate insanely bad security for longer than we can comprehend…” [23:18]
- Defensive strategies will revert to old-school fundamentals:
- Patrick: “Anyone who does those old school fundamental controls, like allow listing…big winners.” [24:18]
- James: “The same stuff we’ve always done. Now we just actually need to lift the bar…” [24:49]
6. Exploit Broker/Spyware Updates: Triangulation & Coruna
[25:26–33:34]
- Kaspersky research reveals strong code lineage between the "Triangulation" and "Coruna" iOS exploit chains, confirming that both draw on the same L3Harris/Trenchant roots, although "Triangulation" is a patchwork incorporating elements from multiple sources.
- Discussion centers on whether leaks (notably by Peter Williams) enabled Russian defenders to detect such attacks:
- Adam: “Knowing the shape of the exploits…would give you some hints…can't imagine it doesn't help.” [30:17]
- Apple’s Lockdown Mode remains unbroken by known spyware:
- Patrick: “Nobody ever in the history of anything, you know, nobody using lockdown mode has ever been hacked…” [33:18]
7. Apple Fast Patch Mechanisms: Cryptographically-Signed Updates
[33:34–35:22]
- Apple’s new update mechanism uses "cryptex" extensions to apply small, rapid, cryptographically-signed patches to its iOS file system (handy for quickly addressing critical vulnerabilities).
- James: “Apple is shipping these…cryptex things…patch in this little bit…But the cryptographic trust…is maintained.” [34:18]
- Evidence that Apple may be silently deploying security fixes not disclosed in advisories.
8. Meta Abandons Instagram E2EE
[35:22–36:50]
- Meta’s rollback of end-to-end encryption in Instagram relates to user safety liability, especially regarding legal actions for failure to protect minors, rather than law enforcement pressure.
9. FBI Director’s Email Leaked by Iran
[36:50–37:07]
- Iranian-aligned hackers dumped FBI Director Kash Patel’s emails, but this major story barely made headlines amid all the chaos.
10. Escalating Iran/Israel Cyber/Economic Conflict
[37:07–40:23]
- IRGC (Iranian Revolutionary Guard) issues public warning that major US and multinational tech companies operating in the Middle East are now considered legitimate targets.
- James: “This is not a good feeling…It’s crossing a boundary.” [38:44]
- Ongoing Israeli attacks on Iranian steel infrastructure have prompted escalation and retaliatory cyber operations.
- Russians, post-Starlink ban, now fielding Ubiquiti wireless gear for comms in Ukraine—bad news given Ubiquiti’s security track record.
11. Citrix Netscaler SAML IDP 0-day Exploited
[40:23–42:15]
- A severe Citrix NetScaler bug (in SAML identity provider configuration) is being exploited in the wild—CISA urges emergency patching.
- Adam: “The only thing that makes this less terrible…is…your netscaler is set up to be a SAML idp…But, you know, by virtue of…the wild, people clearly are…” [40:59]
- Critique of delegating trust to such fragile infrastructure—“bit rot pile of crap Citrix netscaler box” [41:51]
12. Miscellaneous & Humorous Moments
[42:15–45:25]
- FFmpeg’s April Fools post: “switching to Rust” (hosts consider it a self-own more than a joke).
- VPNs and Section 702 debate: VPN routes can actually make you more visible to US surveillance.
- Adam: “Having your ISP be in another country does make you a foreign foreigner from the point of view of American surveillance.” [42:58]
- Google Maps/SEO prank: for a time, “Epstein Island” appeared as the caller ID for the White House, due to Google My Business manipulation.
- James: “It’s not dumb if it works and it certainly got the laughs.” [43:59]
Sponsor Interview: Ed Wu, Founder of Dropzone
[45:32–58:57]
Building AI-Powered Automated Threat Hunting
- Dropzone’s platform offers pre-canned AI “hunt packs,” leveraging the logic: “What if you had unlimited analyst hours for threat hunting?”
- The platform automates:
- Collection (broad data querying, e.g., anomalous logins)
- Filtering (statistically narrowing results)
- In-depth Analysis (contextual investigation of anomalies)
- Ed: “We might go from 100,000 rows to maybe 150 rows…then…in-depth analysis…” [49:43–51:10]
- Most significant value: massive, meticulous investigations at machine scale, surfacing misconfigurations, suspicious activity, or actionable anomalies.
- Ed: “The thoroughness and the depth of the analysis is truly eye opening.” [53:21]
- Patrick: “You’ve got this unlimited labor paradigm…tackle this gigantic task…” [53:50]
- About 50 hunt packs at launch (targeting MITRE ATT&CK TTPs, threat actor behaviors, and suspicious network activities); soon expanding to 150 and aiming for continuous AI-driven hunt generation from fresh threat intelligence.
- Ed: “We are doing…research to leverage AI agents to continuously monitor open source intelligence feeds…programmatically generating hunt packs…” [57:00]
Notable Quotes
- Patrick Gray: “The AI apocalypse is upon us…the disruptive period that we have been predicting on this show for some time. That period of massive disruption appeared to have started over the last seven days.” [08:48]
- James Wilson: “The thing that is most startling about this is how ridiculously simple the prompt was.” [10:06]
- Adam Boileau: “These kinds of bugs are in some cases, ten minutes worth of reasoning time away by a model instead of days for an experienced security researcher.” [13:16]
- James Wilson: “It feels like you could sit down with any code base at the moment via the simple prompt…and you’re going to find interesting stuff. It’s wild.” [15:54]
- Patrick Gray: “People will tolerate insanely bad security for longer than we can comprehend…because we’re old and we’ve been in this industry for a while.” [23:18]
Timestamps for Significant Segments
- Axios/North Korea Supply Chain Hack: [00:00–05:32]
- Cisco/Team PCP Supply Chain Fallout: [05:32–08:48]
- AI Finds Zero-days, Bugpocalypse Begins: [08:48–15:54]
- Podcasting with Claude/AI Co-Researcher: [16:38–22:06]
- How Long Will AI-Driven Chaos Last?: [22:06–25:26]
- Triangulation vs. Coruna iOS Spyware Chains: [25:26–33:34]
- Apple’s New Patch System: [33:34–35:22]
- Meta Dumps Instagram E2EE, Why?: [35:22–36:50]
- Iran Targets Tech Firms Amid Escalation: [37:07–40:23]
- Russians Deploy Ubiquiti on Battlefield: [39:25–40:01]
- Citrix SAML Netscaler 0-day: [40:23–42:15]
- Sponsor Interview (Ed Wu/Dropzone): [45:32–58:57]
Conclusion
2026 has seen information security professionalized by chaos, as AI sweeps away old assumptions about labor-intensive security work—from vulnerability discovery to incident response. This episode demonstrates that AI's role in the offensive and defensive stack is no longer speculative—it's disruptive and here now. At the same time, foundational security discipline remains critical, perhaps more than ever.
For those in security, this episode is a stark wake-up call: the "insane years" are not ahead—they have already begun.
