Discover Library

AI summaries and full transcripts for the podcasts you already follow. Free, by Wave.

Product

How it works
Browse podcasts
Your library

Company

About Wave
Privacy
Terms

Get Wave AI

Download app
WaveTube — YouTube summaries
Contact

Wave AI Tools

AI Transcription App
Speech to Text App
Audio to Text Converter
Audio Transcription Software
AI Note Taking App
AI Note Taker
Meeting Notes App
Meeting Transcription App
AI Meeting Recording App
Voice Recorder App
Lecture Recording App
Call Recording App
Online Voice Recorder
Transcribe Video to Text
Audio Recorder App iPhone
Phone Call Recorder iPhone
Voice Memo App Android
Sales Call Recording Tool

© 2026 Wave. All rights reserved.Built in San Francisco

The Adversarial Podcast | Wave AI Podcast Notes

The Adversarial Podcast cover

Podcast

The Adversarial Podcast

Hosted by Jerry Perullo, Sounil Yu, Mario Duarte · EN

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

24episodes

Listen on Apple Podcasts

Business Technology

Episodes

All episodes

Newest first

S4E19 – Canvas hacked, Cloudflare layoffs, GitHub CVE rundown
3w ago01:09:12Tap to summarize
Canvas hack strands university students during finals week. A Canvas cyberattack hit universities and K-12 schools during finals, locking students and teachers out of grades, assignments, lecture materials, and exams at the worst possible moment.Building for the future. Cloudflare says it is cutting more than 1,100 employees as it restructures around internal AI-driven workflows, even as the timing alongside earnings and a sharp stock reaction raises harder questions about the story investors were told.GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog. Wiz breaks down a critical GitHub infrastructure flaw where an authenticated user could turn a normal git push into remote code execution on GitHub Enterprise Server, with GitHub.com mitigated and GHES customers urged to patch.Dirty Frag (CVE-2026-43284, CVE-2026-43500) Patches Released. AlmaLinux shipped kernel patches for Dirty Frag, a pair of Linux kernel bugs in IPsec ESP and rxrpc paths that can give local attackers root, with public exploit code already available.Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
S4E18 – Mythos and TPRM, does SOC 2 really work?
Apr 2801:05:26Tap to summarize
00:34 - Introduction03:33 - Enterprise Challenges07:08 - End User and Browsers21:55 - Vulnerability Metrics40:37 - Approaching Leadership42:09 - TPRM Discussion46:40 - Sharing Findings01:03:04 - ConclusionMozilla: Anthropic’s Mythos found 271 security vulnerabilities in Firefox 150Anthropic’s Mythos found 271 zero-day vulnerabilities in Firefox 150 Mozilla let Anthropic’s Mythos loose on Firefox 150’s codebase, harvesting 271 shippable fixes in one sweep and forcing the security team to reckon with AI-scale fuzzing, triage, and patch velocity. https://arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
S4E17 – Mythos, Delve's downfall, and supply chain attacks
Apr 2301:08:58Tap to summarize
Project Glasswing (https://www.anthropic.com/glasswing) Anthropic is letting AWS, Apple, Google, Microsoft, JPMorgan, Cisco, NVIDIA, and friends point Claude Mythos at their shared attack surface while backing it with $100M in credits and $4M for OSS security groups so blue teams can burn down latent vulns before the offense gets equivalent AI. Inside the TeamPCP cascading supply chain attack (https://www.reversinglabs.com/blog/teampcp-supply-chain-attack-spreads) Hijacked Trivy GitHub Actions poisoned Docker images, stole CI secrets, and daisy-chained through Checkmarx workflows, npm packages, and VS Code extensions, seeding thousands of tenants with infostealers and proving CI creds are the new crown jewels. Delve – Fake Compliance as a Service - Part I (https://substack.com/home/post/p-191342187) A report says Delve mass-produced fake SOC 2 artifacts and funneled them through shell auditors, leaving customers—from indie apps to a Nasdaq firm—waving fraudulent attestations that crater their legal compliance.Hosts: Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
Special RSAC episode with Cloudflare - Cybersecurity and AI, CISO/Board dynamics, future of cybersecurity
Apr 1400:44:38Tap to summarize
The Adversarial Podcast brings you a special episode in collaboration with Cloudflare's Security Signal Podcast.0:39 - 3:33 AI Governance and Autonomy 6:26 - 8:49 Human in the Loop 9:17 - 11:40 Cybersecurity and AI 15:26 - 18:19 Resilience and Anti-Fragility 28:24 - 33:05 Threat Intelligence 33:31 - 36:50 Board and CISO Dynamics 41:09 - 42:35 Future of Cybersecurity 42:35 - 44:14 Books and ResourcesSecurity Signal Podcast: https://podcasts.apple.com/us/podcast/security-signal/id1815513800Cloudflare; http://cloudflare.com/Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
S4E15 – RSAC, Iranian hackers, White House's Cyber Strategy and Cyber EOs, the Future of TPRM
Mar 1701:09:52Tap to summarize
Iran-linked hackers claim responsibility for attack on US medical device maker StrykerAttackers tied to Iran say they hit Stryker, and investors punished the stock as the company scrambled to assess exposure.Trump Signs Executive Order Aimed at Cybercrime GangsThe President issued an order to tide together federal tools, international partners, and private-sector incentives for hunting down and disrupting ransomware crews.President Trump’s Cyber Strategy for AmericaThe new national cyber strategy leans hard on resilience, collaboration with allies, and deterring Beijing through offensive-ready posture.The future of third-party risk is NOT better questionnairesThe author argues that automation and better data sharing—not more paperwork—are what finally move the needle on vendor risk management.Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
S4E14 – Federal Gov vs. Anthropic, 40% layoff at Blocks due to AI
Mar 301:01:59Tap to summarize
Claude Code Security research preview Claude now reasons about code like a human researcher, re-checks its own findings for confidence, and surfaces patch suggestions in a dashboard while keeping humans in control—limited preview for Enterprise/Team customers plus expedited access for open-source maintainers. Pentagon gives Anthropic a best-and-final offer With a deadline looming, the Pentagon demanded full lawful-use access, threatening supply-chain risk and even a Defense Production Act push, but Anthropic stood firm on guardrails around mass surveillance and autonomous weapons. State Department and other agencies ditch Anthropic for OpenAI State, Treasury, HHS, and others are dropping Claude after Trump’s directive to cancel Anthropic contracts, swapping in OpenAI’s GPT-4.1 for tools like StateChat as the broader federal boycott takes shape. New AirSnitch attack bypasses Wi-Fi encryption AirSnitch leverages cross-layer identity desync to nullify client isolation on routers from Netgear to Cisco, giving nearby attackers full MitM access to intercept and tamper with otherwise encrypted traffic. Your password manager’s “zero knowledge” promise is broken ETH Zürich’s USENIX paper proves that malicious servers controlling Bitwarden/Dashlane/LastPass infrastructure can hijack everyday vault interactions and read users’ encrypted data despite the “zero knowledge” pitch. Researchers find critical vulnerabilities in cloud-based password managers The ETH team demonstrated a dozen attacks on Bitwarden, seven on LastPass, six on Dashlane, and even a 1Password flaw, showing compromised servers—without exotic hardware—can view or rewrite entire vaults. Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
S4E13 – Munich Security Conference, hiring AI specialists, Gemini used by criminals
Feb 1801:12:55Tap to summarize
GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google’s threat team distills red-team learnings from sophisticated experimentation as it hardens defenses and anticipates adversarial AI backdoors.New Trump Cyber Strategy Prompts Companies to Mull Legal Limits The administration’s aggressive cyber doctrine is forcing firms to reconsider how far they can legally follow the offensive playbook.The Trump Administration’s Cyber Strategy Fundamentally Misunderstands China’s Threat | Council on Foreign Relations CFR analysis warns that the new strategy oversimplifies China’s capabilities and risks misaligning priorities.CISA will shutter some missions to prioritize others. CISA’s Cybersecurity Division is reorganizing to better match a layered threat-response posture.Google TIG disrupts “world’s largest residential proxy network” The threat-intel team dismantled a sprawling residential proxy operation that was selling access to anonymized traffic, curbing a major enabler of fraud and abuse.Hosts: Jerry Perullo (Founder, https://adversarial.com/) Sounil Yu (Founder, https://www.knostic.ai/) Mario Duarte (Founder, stealth startup) Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
Adversarial Podcast S4E12 – Curl shuts down bug bounty program, most expensive security control that gave zero security
Feb 501:18:05Tap to summarize
The end of the curl bug bounty program. Curl’s creator Daniel Stenberg announced the shutdown of the project’s bug-bounty program because overwhelming volumes of low-quality and AI-generated reports, coupled with bad-faith security submissions, impose excessive mental and time costs while providing little real improvement to the software.Changing Federal Reserve Regulations. The memo directs Federal Reserve supervisory staff to shift toward a more risk-focused, judgment-driven, and proportionate supervisory model that prioritizes material financial risks, relies more on other regulators’ and firms’ internal audit work, reduces procedural and duplicative oversight, and sharpens the clarity and impact of supervisory findings and enforcement.Reddit: "What is the most expensive security control you added that gave zero security." An online discussion thread about security controls.Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
Adversarial Podcast S4E11 – Iran Internet blackout, threat intelligence briefings, cyber framework alignment
Jan 2001:15:22Tap to summarize
00:00 Intro 01:40 Iran's Internet blackout 48:06 U.S. Weighs Expanding Private Companies’ Role in Cyberwarfare 57:35 Aligning cybersecurity programs to frameworksThere's an internet blackout in Iran. How are videos and images getting out? During Iran’s nationwide internet blackout imposed amid widespread anti-government protests, some citizens have been using Elon Musk’s Starlink satellite service to bypass state-controlled communication blackouts and share information with the outside world despite government efforts to restrict or jam such access.Lawmakers to Restart Efforts to Revive Lapsed Cyber Intel Bill. U.S. lawmakers are preparing to revive and reauthorize the lapsed Cybersecurity Information Sharing Act, a key bill that facilitates sharing of cyber threat intelligence between the federal government and the private sector, with bipartisan momentum to include it in broader funding legislation as concerns grow about rising cyber threats and gaps left by the law’s expiration.U.S. Weighs Expanding Private Companies’ Role in Cyberwarfare. The U.S. administration is considering a significant shift in cyber strategy that would allow private companies, beyond their current contractor roles, to directly participate in offensive cyber operations against foreign adversaries—a move that would require new legal authorities and raises legal, ethical and oversight concerns.Should Our Security Controls Be More Like North Korea or Norway? Security programs work better when they resemble Norway’s balanced, trust-based model rather than North Korea’s heavy-handed, surveillance-first approach.Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →
Adversarial Podcast S4E10 – AI impact on cyber jobs, SOC 2 fraud, CISA polygraph failure
Jan 1401:06:52Tap to summarize
Cloudy Outlook for Cyber Jobs as AI Fills Security Gaps. Cybersecurity hiring growth slowed to 7% in 2025 amid flat budgets and economic uncertainty, with firms shifting spend toward AI automation over expanding teams.Coupang, Inc. (CPNG) Class Period Expanded in Pending Investor Securities Lawsuit - Hagens Berman. Hagens Berman expanded a securities class action against Coupang over alleged cybersecurity misstatements after massive data breach disclosures and losses.Jaguar Land Rover wholesale volumes down 43% after cyberattack. Jaguar Land Rover’s September 2025 cyberattack cut Q3 wholesale volumes 43%, disrupted production, cost £196 million, and triggered UK government intervention.Security Chiefs Plan New Uses for AI in 2026. Security leaders say AI sharply improved their defenses in 2025 and they plan to expand its use in 2026 for tasks like spotting vulnerabilities and automating identity checks.Acting CISA director failed a polygraph. Career staff are now under investigation. CISA’s acting director failed a polygraph, triggering a DHS investigation and suspension of multiple career staff accused of misleading leadership.Possible instances of SOC 2 Fraud. A whistleblower exposed an alleged SOC 2 fraud scheme where automation platforms and audit firms rubber-stamped fake compliance reports at scale.Hosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)Mario Duarte (Founder, stealth startup)Producer: Tillson Galloway (Founder, http://githoundexplore.com/)
Transcribe →

Page 1 of 3