
Risky Business #829 -- Sneaky lobsters: Why AI is the new insider threat
Mar 18, 2026

A fast-paced dive into recent cyber attacks, from an Intune-based wiper hitting medical device firm systems to supply-chain tricks using invisible Unicode payloads. The hosts unpack a vendor accidentally leaking a wildcard SSL key and debate AI agents acting like insider threats. Other highlights include Instagram dropping E2EE DMs, Moscow’s mobile internet controls, and wild hardware hacks on consoles and forensic tools.
AI Snips
Agents Prefer Shell Access Over MCP
- MCP (Model Context Protocol) is losing relevance as agents prefer direct shell access and built-in tools.
- James argues agents favor the shell and existing tools over MCP, shifting security and integration needs.
Benchmark Agents With Token-Budgeted Attack Tests
- Use the AI Security Institute's structured multi-step test framework to measure agent risk under fixed token budgets.
- Evaluate reconnaissance, lateral movement, credential theft and exploitation stages at 10M and 100M token limits to benchmark models.
Platform Safety Drove Instagram E2E Rollback
- Meta's decision to disable E2E in Instagram DMs reflects a tradeoff: mass-market safety enforcement versus absolute privacy.
- Patrick and James argue social platforms need visibility to police grooming and platform harms that private messaging can hide.
