Threat Vector Podcast – "The Good, the Bad, and the Ugly in AI"
Date: November 6, 2025
Host: David Moulton
Guest: Andy Piazza (Senior Director of Threat Intelligence, Unit 42 – Palo Alto Networks)
Theme: A deep dive into how artificial intelligence is transforming cybersecurity—for better and for worse—with insights from the front lines of threat intelligence.
Overview
This episode explores the rapidly evolving role of artificial intelligence (AI) within cybersecurity. Host David Moulton is joined by Andy Piazza, a veteran threat intelligence leader, to break down AI's promise and peril: how defenders wield it to beat cybercrime, how adversaries exploit it, and the serious operational and staffing risks that come with widespread AI adoption. The conversation also highlights changing hacker culture, practical advice for evaluating AI solutions, and the critical importance of identity security in the AI era.
Key Discussion Points and Insights
1. The Changing Face of Hacker Culture and AI Adoption
- Hackers are typically early adopters of new technology, with the primary intent to understand, break, and secure these technologies.
- DEF CON, a major hacker convention, is now blending AI into contests like music, art, and even leveraging deepfakes for modern scavenger hunts on social media, signaling a cultural shift with younger generations entering the community.
- Quote:
"When emerging tech comes out, we're usually some of the first to adopt it. And by adopt it, I usually mean break it."
— Andy Piazza [02:34]
2. The "Good" – Positive AI Use Cases in Cybersecurity
- AI as a Force Multiplier: Andy recounts using an AI-driven tool within his team to analyze phishing kits, reducing thousands of hours of manual code review to 20 minutes of computer processing.
- Accelerated Threat Response: AI-powered profiling and indicator extraction allow defenders to preemptively block malicious infrastructure.
- Human Still Needed: Emphasis on “human in the loop” for verification, given that AI still “hallucinates” or fabricates information.
- Quote:
"My team has actionable intelligence... maybe an hour of getting that phishing kit instead of two weeks."
— Andy Piazza [05:13]
3. The "Bad" – Adversarial Use of AI
- AI-as-a-Command-and-Control: Malware now employs AI (e.g., Black Mamba, Russian tools targeting Ukraine) to manage compromised machines, scaling attacks beyond human limits.
- Plain Language Threats: Attackers can query databases with simple questions ("Which one's the CIA officer?") rather than requiring deep analysis skills.
- Quote:
"If that C2 server is now running an AI that doesn't need to sleep... one or two operators can now pull real level intelligence out of things with just plain language."
— Andy Piazza [08:43]
4. The "Ugly" – Risks: Hallucinations, Data Poisoning, Model Drift
- AI Hallucinations: Andy frames fabricated AI output as machines that lie, not merely as models that "hallucinate."
- Governance Nightmares: Deploying chatbots to public-facing web environments without proper controls or compliance (HIPAA, PCI, etc.) opens dangerous risk vectors.
- Lack of Training and Overhyped Capabilities: Many non-technical staff are told to “learn AI” with no formal guidance, leading to inefficiency and risky workarounds when built-in controls don’t match business needs.
- Quote:
"Everyone's just being pushed to adopt a technology they barely understand. I think that's really scary."
— Andy Piazza [12:54]
5. Building Trust in AI—The Need for Testing and Human Oversight
- Policy Evasion: Employees circumvent AI restrictions by using personal devices, even among security professionals.
- Blank Prompt Paralysis: The power of GenAI is undercut when users face an empty prompt with no obvious use within their daily tools. AI needs better integration and user training.
- Quote:
"I just see a blank page. It's hard to visualize... AI is not being built inherent into my tools."
— Andy Piazza [16:25]
6. The AI Talent Crisis—What About the Next Generation?
- Threat to Career Ladders: Automation is wiping out junior roles, jeopardizing the development of future experts and leaders, which may worsen the long-standing cybersecurity staffing problem.
- Potential Backlash: The hype may swing back to human-centric staffing in a few years when the limitations of current AI become more apparent.
- Quote:
"If you're the one company that says, we're not going that direction, we're going to invest in humans... we would be crushing it in five years."
— Andy Piazza [21:24]
7. Practical Guidance for Security Leaders
- Vendor Evaluation: Insist on metrics, real-world case studies, and peer reviews—not just marketing slides.
- Beware of Hype: Anything pushing a sense of urgency ("you're too late unless you buy now") should raise red flags.
- Quote:
"Sense of urgency is the number one sign to me that something is a scam or fraud... If you're not already in AI, it's too late? That sounds like a scam to me."
— Andy Piazza [24:05]
- Security Requirements:
  - Demand clear governance models (on-prem vs. cloud, tenant data segregation).
  - Require strong access controls (physical multi-factor authentication for all users, especially email).
  - Extend risk management and security controls to all vendors and SaaS partners.
- Quote:
"If you lock down anything at all with a physical MFA token, it should be your email first because your email resets the passwords to all the things you just named."
— Andy Piazza [28:15]
8. The Future: AI and Automated Security Operations
- Agentic AI: Smart automation is the next wave—rapid analysis and response can close breaches in minutes, far faster than most organizations are equipped to handle today.
- Challenge: Most organizations still struggle with alert latency and lack dedicated SOCs, making speed and scaling the new battleground.
- Quote:
"What was it, like under 25 minutes or something stupid? ...that breach was over before some SOCs were even alerted. That's the things that's scaring me."
— Andy Piazza [30:22]
9. Personal Cyber Hygiene—The Takeaway
- Password Management: Use and promote password managers and multi-factor authentication, especially for personal email (the "root" of identity compromise).
- Family Security: Extending these practices to family members multiplies their protective impact.
- Quote:
"Password managers are super easy now... A couple hundred dollars could save you a $10,000 trip to Ireland that you never went on because somebody else did it on your identity."
— Andy Piazza [34:01]
Notable Quotes & Memorable Moments
- [02:34] Andy Piazza: "When emerging tech comes out, we're usually some of the first to adopt it. And by adopt it, I usually mean break it."
- [05:13] Andy Piazza: "My team has actionable intelligence... maybe an hour of getting that phishing kit instead of two weeks."
- [08:43] Andy Piazza: "If that C2 server is now running an AI that doesn't need to sleep... one or two operators can now pull real level intelligence out of things with just plain language."
- [12:54] Andy Piazza: "Everyone's just being pushed to adopt a technology they barely understand. I think that's really scary."
- [16:25] Andy Piazza: "I just see a blank page. It's hard to visualize... AI is not being built inherent into my tools."
- [21:24] Andy Piazza: "If you're the one company that says, we're not going that direction, we're going to invest in humans... we would be crushing it in five years."
- [24:05] Andy Piazza: "Sense of urgency is the number one sign to me that something is a scam or fraud... If you're not already in AI, it's too late? That sounds like a scam to me."
- [28:15] Andy Piazza: "If you lock down anything at all with a physical MFA token, it should be your email first because your email resets the passwords to all the things you just named."
- [30:22] Andy Piazza: "What was it, like under 25 minutes or something stupid? ...that breach was over before some SOCs were even alerted. That's the things that's scaring me."
- [34:01] Andy Piazza: "Password managers are super easy now... A couple hundred dollars could save you a $10,000 trip to Ireland that you never went on because somebody else did it on your identity."
Timestamps for Key Segments
- [02:33] - Hacker culture and AI at DEF CON
- [04:08] - Real-world case: AI-driven phishing kit analysis
- [07:40] - AI-as-Command-and-Control for attackers
- [10:03] - Generative AI in real scam and influence campaigns
- [12:01] - AI risks: Hallucinations, model drift, compliance challenges
- [13:57] - Building trust in AI and human oversight
- [15:15] - Policy evasion and AI training challenges
- [20:13] - The AI staffing conundrum and future leadership gaps
- [23:13] - Advice on evaluating vendors and solutions
- [27:09] - Security controls: The importance of locking down email
- [29:08] - Coming wave: Agentic (smart) AI in security operations
- [33:06] - Critical takeaway: Invest in personal and family identity hygiene
Final Takeaway
"Definitely look at your identity hygiene as a human, as a person, as an individual... Password managers are super easy now... I would say invest in your personal identity."
— Andy Piazza [33:06]
Flow and Tone
- Conversational, thoughtful, occasionally lighthearted ("spicy takes"), but grounded in the realities of defending against present and future cyber threats.
- Andy and David seamlessly blend war stories from the front lines with strategic advice, reflecting both skepticism about AI hype and optimism about smart, incremental improvements.
This episode is a must-listen for security professionals, business and technology leaders, and anyone navigating the practical, cultural, and ethical complexities of AI’s rise in cybersecurity.
