To The Point Cybersecurity Podcast
Episode: The Merging Worlds of AI, Cybersecurity, and Physical Threats with David Saunders Part 2
Date: December 30, 2025
Host: Rachael Lyon
Co-host: Jonathan Knepher
Guest: David Saunders (Forcepoint)
Episode Overview
This episode dives deeply into the increasingly intertwined worlds of artificial intelligence (AI), cybersecurity, and physical threats. The panel—led by host Rachael Lyon, co-host Jonathan Knepher, and expert guest David Saunders—explores how AI is both amplifying existing cyber threats and shaping defensive strategies. The conversation spans the acceleration and sophistication of attacks, the persistent risk of insider threats, the challenges posed by supply chain and open-source dependencies, and practical advice around data observability and recovery.
Listeners are treated to candid, technically insightful perspectives on risk management, zero trust, and operational resilience, along with real-world anecdotes and forward-looking projections for 2026.
Key Discussion Points & Insights
The Acceleration and Sophistication of Attacks
- Quantity vs. Quality
  - David Saunders: “AI is just…making things easier and more efficient. We see more of the same stuff…But I think what we're getting less is of the really obvious rubbish that you can pick up and more sophisticated, better crafted websites, better crafted emails and so forth.” (02:00)
- AI as a Double-Edged Sword
  - Both attackers and defenders are leveraging AI to increase the speed, efficiency, and adaptability of their tools.
  - Saunders: “We all...look to automation. I mean, AI can be used defensively as well as aggressively. We’re looking at tools and how we can use AI and utilizing them in our backend infrastructure as well.” (02:45)
The Long Game: Persistent and Patient Threats
- ‘ShadyPanda’ Example & Lessons
  - Host and guest discuss threats that “worm their way in” and stay dormant—sometimes for years—before being detected.
  - Saunders: “Trust shouldn’t persist over time. If you trust an application to install it now, don’t just blindly patch it, update it continually, you need to reassess it.” (04:17)
- Zero Trust Philosophy
  - Saunders: “If they’re playing the long game, we have to play the long game. And again, if you can’t trust something like that over time...you have to have zero trust on everything.” (05:25)
Supply Chain Vulnerabilities & Open Source Risk
- Awareness of Hidden Dependencies
  - Commentary on the real risk from open source libraries and the broader software supply chain.
  - Saunders: “You need to know exactly what you’re using. And again, that comes to good engineering practice…it’s about control.” (07:00)
- Planning for Failure Across All Dependencies
  - Saunders: “Treat your supplier, whether it’s a third-party package or a software or service you provide, as if it’s your network or it’s your database, and then include that in your planning for failure.” (08:21)
- Infrastructure Analogy
  - Knepher: “On the infrastructure side...I'll think about my connectivity and I'll think about who my providers' providers are...But I think a lot of people don't think about that in the open source libraries and other dependencies...” (09:16)
Insider Risk: The Human Factor in Security
- Resurgence of Insider Risk Concerns
  - Lyon: “All of a sudden, I’d say in the last six months in particular, I’m hearing more and more about insider risk, disgruntled employees…” (10:30)
- Accidental vs. Malicious Insiders
  - Saunders: “I almost think [intentional insiders are] less important. The insider threat is accidental in often cases. Yes, you will get [malicious actors]. And actually it doesn’t really matter whether it’s accidental or intentional, it’s the fact that it can happen at all.” (11:22)
- Zero Trust and Least Privilege
  - Saunders: “No one employee in the organization should have access to anything [everything]…You've got to have a setup...to allow your employees to do their jobs, but not to go beyond that.” (12:10)
- Enablement as Security
  - Saunders: “If I need access to something, I should be able to ask John and he can give it to me like that. If it takes me three days...that’s when employees start to do things they shouldn’t do.” (13:30)
Observability, Outages, and Data Visibility
- Slow Recoveries in Recent Incidents
  - Organizations often struggle to recover quickly due to uncertainty about what data was compromised, where data resides, and who has access.
  - Saunders: “The best way to, if you like, prepare for that situation [is] to have a really good understanding of [your systems]. You can never know what the attack is going to do. We could definitely know what your systems are.” (16:50)
- Critical vs. Non-Critical Systems
  - Restoration priorities must be clear; organizations must map which systems are mission-critical versus non-essential.
Testing and Restoring Backups
- Backup Frequency and Validation
  - Saunders: “Backups are happening but nobody’s actually checking whether they can restore from the backup. I know that sounds really obvious, but it still happens.” (20:18)
  - Backups should be segmented by data criticality—don’t treat all data as equal.
- Testing and Modern Recovery
  - Saunders: “There isn’t a golden rule with backups. But I do think you probably shouldn’t just backup everything together. And you need to have a distinct backup plan for different types of data...” (20:55)
- Backups 'Sexy' Again
  - Saunders: “Given what’s going on...backups start to become sexy again. I mean, they never were before, but they are, should be on the top of most...organizations.” (22:35)
Looking Ahead to 2026
- Agentic and Autonomous AI
  - Saunders: “We started to talk about agentic AI...There’s very little examples of where it’s completely autonomous. It’s getting that way...is that going to happen and on both sides?” (23:36)
- Unending Need for Vigilance
  - Lyon: “There’s never a dull moment in cybersecurity. For those that are considering joining the industry, please come. We’d love to have you.” (24:40)
Notable Quotes & Memorable Moments
- “Trust shouldn’t persist over time. If you trust an application...don’t just blindly patch it...you need to reassess it.” — David Saunders (04:20)
- “You need to have a zero trust...mindset really when you’re doing any of this.” — David Saunders (11:44)
- “If I need access to something, I should be able to ask John and he can give it to me like that...when employees start to do things that they shouldn’t do is when it takes too long to get access.” — David Saunders (13:30)
- “Backups are happening but nobody’s actually checking whether they can restore from the backup. I know that sounds really obvious, but it still happens.” — David Saunders (20:18)
- “Backups start to become sexy again. I mean, they never were before, but they are, should be on the top of most...organizations.” — David Saunders (22:35)
- “There’s very little examples of where it’s [AI] completely autonomous. It’s getting that way, I think. So in 2026...is that going to happen and on both sides?” — David Saunders (23:36)
- “There’s never a dull moment in cybersecurity. For those that are considering joining the industry, please come. We’d love to have you.” — Rachael Lyon (24:40)
Key Timestamps for Important Segments
- AI and Attack Acceleration: 00:40 – 03:10
- Long-Game Threats and Zero Trust: 03:41 – 06:02
- Supply Chain and Open Source Risks: 06:16 – 09:49
- Insider Risk (Accidental vs. Malicious): 10:30 – 13:20
- Data Observability & Incident Recovery: 14:33 – 18:25
- Practical Backup & Restore Strategies: 19:34 – 23:12
- Looking to 2026, Agentic AI: 23:30 – 24:40
Summary Flow and Tone
Rachael Lyon’s conversational, insightful tone is balanced with Jonathan Knepher’s technical analogies and David Saunders’ pragmatic, sometimes irreverent honesty. The episode is packed with actionable advice, real-world frustrations, and common-sense recommendations, all delivered with clarity and a touch of humor.
For cybersecurity professionals and leaders, this episode offers a pragmatic deep dive—a must-listen for those navigating the evolving intersection of AI, cyber threats, and resilient engineering.
