
Risky Business #826 -- A week of AI mishaps and skulduggery
Feb 25, 2026
Brian Dye, CEO of Corelight, explains network detection and AI for defenders. James Wilson, security analyst, provides technical context on AI risks. Adam Boileau, security practitioner, gives hands-on analysis of incidents and tooling. They cover AI-augmented mass Fortinet compromises, model distillation accusations, AI agents causing outages and mailbox deletions, exploit-selling prosecutions, and legacy-product breaches.
AI Snips
Policy Restrictions Can Drive Unsafe Model Replication
- Export controls and restricted access to chips incentivize distillation; restricting legitimate access can produce less safe, open-source alternatives.
- James argued that limiting access creates a vicious cycle producing lower-guardrail models outside the supply chain.
Anthropic Refuses Military Use Without Human Oversight
- Anthropic refused to let the Pentagon use Claude without human-in-the-loop limits, triggering political pressure to loosen safeguards.
- Patrick and guests discussed Pete Hegseth demanding Anthropic join a Pentagon AI program or be excluded.
Never Give Agents Unrestricted Production Privileges
- Restrict agent privileges and never give automation broad rights to delete or recreate production resources.
- James noted the AWS outage happened because agents could delete production and blamed lax controls rather than the agent alone.
