Legitimate Cybersecurity Podcasts
Legitimate Cybersecurity Podcasts
Podcast Description
Legitimate Cybersecurity Podcast - designed to empower you with real-world cybersecurity information, stories, and advice.
Podcast Insights
Content Themes
The show covers various important cybersecurity topics including the impact of AI on security, ethical considerations, industry trends, and personal stories from cyber professionals. Episode examples include discussions on AI's role in phishing and pentesting, 'cyber maturity', and the hidden challenges of communicating technical truths within organizations.
Legitimate Cybersecurity Podcast – designed to empower you with real-world cybersecurity information, stories, and advice.
Your AI assistant is helpful… until it isn’t. In this episode, Frank and Dustin break down the zero-touch exploits (EchoLeak & ShadowLeak) that can hijack AI integrations like email and office suites, quietly exfiltrate your prompts and IP, and even leak them to attacker infrastructure—no clicks required. We also talk about why your chats aren’t protected by legal privilege, how AI activity factored into the California wildfire arsonist story, and what actually works: DLP, model governance, and when you should go local with LLMs.
We keep it real (and a little nihilistic) while giving CISOs, IT leaders, and curious humans the playbook to reduce risk without killing innovation.
👉 Media & interview requests: [email protected]
🎧 Audio listeners: subscribe on any platform via https://legitimatecybersecurity.podbean.com/
💬 Drop your idea for our new sign-off catchphrase in the comments!
Chapters:
0:00 Cold Open — “What if your AI is spying on you?”
0:30 Welcome & Today’s Agenda (EchoLeak, ShadowLeak, legal privilege, arsonist story)
1:55 Zero-Touch Exploits Explained (no clicks, still owned)
3:11 How It Works via Email & Integrations (silent prompt injection → exfil)
4:48 Old Tradecraft, New Target (drive-by vibes, LLMs in the loop)
7:55 “Plain-Language Hacking” (Gandalf game, prompt judo)
10:27 Why This Still Counts as a Hack (intent, abuse of designed behavior)
12:52 Why SOCs Might Miss It (looks like normal AI traffic)
14:24 DLP, Asset Mgmt, and the “Hated but Needed” Controls
16:44 Should You Run Local LLMs? (pros, cons, update churn)
20:30 Liability & Definitions — Is This Really a Hack? (yes, and why)
22:25 AI Has No Feelings… But It Leaks Yours (reflection, social engineering)
23:16 “No Legal Privilege” Bombshell & The Arsonist Example
26:36 Privacy Culture Shift (profiling even when you opt-out)
29:45 Cat-and-Mouse Prompts (policy workarounds, “encrypt my answer” tricks)
31:19 Don’t Panic, Do Fundamentals — Then Regulate
32:36 What Good Regulation Looks Like (and where it fails)
35:40 Penalties with Teeth (or companies just budget the fines)
38:26 Next Week Tease: DOGE whistleblowers & data handling
39:01 Help Us Pick a Catchphrase (Outro & CTAs)
#cybersecurity #ai #dataprivacy #pentesting #ZeroTouch #llm #copilot #chatgpt #dlp #infosec #datalossprevention
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.