Podcast thumbnail for AI Security Ops

AI Security Ops

Claim This Podcast

by Black Hills Information Security

1.9(11 reviews)
60 episodes
Updated Daily
Accepts GuestsHas Sponsors

Podcast Overview

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

Language

🇺🇲

Publishing Since

4/17/2025

1 verified contact email on file for AI Security Ops

Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.

Recent Episodes

Episode thumbnail for Mythos and Fable Pulled | Episode 59

June 26, 2026

Mythos and Fable Pulled | Episode 59

<p>In this episode of BHIS Presents: AI Security Ops, the team tackles a first-of-its-kind moment in AI security and regulation:</p><p>What happens when the U.S. government orders a company to pull its most powerful AI models off the market?</p><p>Not the chips. Not the infrastructure. The models themselves.</p><p>On June 12th, 2026, Anthropic disabled Fable-5 and Mythos-5 worldwide after receiving a federal export-control directive tied to foreign-national access. The models were only three days old, and the shutdown raises a much bigger question for security teams, builders, and defenders:</p><p>Are frontier AI models now controlled technology?</p><p>This episode breaks down the order, the export-control mechanism behind it, the cybersecurity concerns around jailbreaks, and what this means for anyone building security workflows on top of hosted AI models.</p><p>We dig into:<br>• Why Anthropic pulled Fable-5 and Mythos-5 for all customers<br>• How foreign-national access rules forced an all-or-nothing shutdown<br>• What EAR export controls are, and why ITAR keeps coming up<br>• The history of encryption, PGP, and software as controlled technology<br>• Why Fable-5 and Mythos-5 triggered cyberweapon concerns<br>• The difference between guarded and less-guarded model releases<br>• Why jailbreaks are central to the government’s justification<br>• Why “all LLMs can be jailbroken” matters for policy and enforcement<br>• Whether Anthropic’s safety messaging created regulatory risk<br>• How competition and AI industry politics may shape regulation<br>• Why model redundancy is becoming a security resilience requirement<br>• What security teams should learn from a hosted model disappearing overnight<br>• Why taking powerful AI away from defenders may make security worse, not better</p><p>This episode explores a critical shift in AI security: frontier models are no longer just another SaaS dependency. They are becoming part of the security supply chain, subject to policy, export controls, national-security concerns, and sudden access loss.</p><p>For security teams, the question is no longer just which model performs best. It is what happens when the model your workflow depends on disappears, and what that model could see while it was running.</p><p>—</p><p>Key Concepts &amp; Topics</p><p>AI Export Controls<br>• Federal action targeting AI models instead of chips<br>• Foreign-national access restrictions<br>• Frontier models as controlled technology</p><p>EAR, ITAR, and Software Regulation<br>• Dual-use technology under Commerce Department authority<br>• Historical parallels to encryption and PGP<br>• Why software can become a national-security control point</p><p>Fable-5 and Mythos-5<br>• Guarded and less-guarded model access<br>• Safety classifiers and cyber capability concerns<br>• Public release versus vetted access models</p><p>Jailbreaks and AI Security<br>• Bypassing model safeguards<br>• Universal versus narrow jailbreaks<br>• Why perfect jailbreak resistance is not realistic</p><p>Security Resilience<br>• Model redundancy as a practical requirement<br>• Avoiding single-model dependency<br>• Planning for sudden access loss, policy changes, and vendor shutdowns</p><p>Defensive Strategy<br>• Understanding where AI lives in your workflows<br>• Thinking through AI blast radius<br>• Balancing model capability, access, monitoring, and risk</p><p>Learn more about Black Hills Information Security:<br>https://www.blackhillsinfosec.com/</p><p>Introducing BHIS Fusion Penetration Testing<br>https://www.blackhillsinfosec.com/fusion-penetration-testing/</p><p>Check out Antisyphon Training:<br>https://www.antisyphontraining.com/</p><p>#AISecurity #CyberSecurity #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #Antisyphon #AIRegulation #ExportControls</p><p>----------------------------------------------------------------------------------------------<br>🎧 Subscribe to the Podcast:<br>https://aisecurityops.transistor.fm</p><p>About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/<br>About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/<br>About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/<br>About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/<br>About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/</p><p><strong><ul><li>(00:00) - Intro: The First AI Model Export Control</li> <li>(01:38) - The Anthropic Order and Foreign-National Access</li> <li>(03:19) - EAR, ITAR, and Software as Controlled Technology</li> <li>(04:39) - Mythos-5, Fable-5, and Guarded Model Access</li> <li>(06:32) - Jailbreaks and Cyberweapon Concerns</li> <li>(08:58) - Competition, Regulation, and AI Industry Politics</li> <li>(10:54) - Model Redundancy as a Security Requirement</li> <li>(13:21) - Defensive AI Use and Final Takeaways</li> </ul><br><a href="https://www.youtube.com/watch?v=8EE45CnKQQU" title="Click here to watch this episode on YouTube.">Click here to watch this episode on YouTube.</a><br> <br><strong>Creators &amp; Guests</strong> <ul> <li><a href="https://aisecurityops.transistor.fm/people/brian-fehrman">Brian Fehrman</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/bronwen-aker">Bronwen Aker</a> - Host</li> </ul></strong><br>Brought to you by:</p><p><strong>Black Hills Information Security </strong></p><p><a href="https://www.blackhillsinfosec.com/">https://www.blackhillsinfosec.com</a></p><p><br><strong>☯️ Introducing BHIS Fusion Penetration Testing</strong><br><a href="https://www.blackhillsinfosec.com/fusion-penetration-testing/">https://www.blackhillsinfosec.com/fusion-penetration-testing/</a></p><p><strong>Antisyphon Training</strong></p><p><a href="https://www.antisyphontraining.com/">https://www.antisyphontraining.com/</a></p><p><br></p><p><strong>Active Countermeasures</strong></p><p><a href="https://www.activecountermeasures.com/">https://www.activecountermeasures.com</a></p><p><br></p><p><strong>Wild West Hackin Fest</strong></p><p><a href="https://wildwesthackinfest.com/">https://wildwesthackinfest.com</a></p><p><strong>🔗 Register for FREE Infosec Webcasts, Anti-casts &amp; Summits</strong><br><a href="https://poweredbybhis.com/">https://poweredbybhis.com</a> </p><p><strong><a href="https://share.transistor.fm/s/94b63fd6/transcript" title="Click here to view the episode transcript.">Click here to view the episode transcript.</a><br> </strong><br></p>

Episode thumbnail for Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58

June 20, 2026

Agentic Security: The Maturity Model — From Wild West to Locked Down | Episode 58

<p>In this episode of BHIS Presents: AI Security Ops, the team tackles one of the most urgent — and misunderstood — problems in modern security:</p><p>How do you actually secure AI agents?</p><p>Not hypothetically. Not in theory. But in the real world — where agents have access to your filesystem, your credentials, your network… and are making decisions on their own.</p><p>The answer isn’t a single control or tool — it’s a maturity model.</p><p>From “YOLO agent with full access” to fully instrumented, controlled, and observable systems, this episode walks through a five-level maturity model for agentic security — and what it actually takes to move up each stage.</p><p>We dig into:<br>• Why agentic AI introduces a completely different security model<br>• What “Level 0” chaos looks like in real organizations<br>• The risks of giving agents unrestricted access to systems<br>• Why containment is the first real step toward security<br>• How sandboxing changes the risk equation<br>• The importance of logging, monitoring, and visibility<br>• Where most organizations are actually operating today<br>• Why skipping steps in maturity creates hidden risk<br>• How to think about blast radius in agent design<br>• What “fully enforced” agentic security actually looks like</p><p>This episode explores a critical shift in AI security: you’re not just securing models anymore — you’re securing autonomous systems.</p><p>⸻</p><p>📚 Key Concepts &amp; Topics</p><p>Agentic Security<br>• AI agents with system-level access<br>• Autonomous decision-making and execution<br>• Expanding attack surface beyond prompts</p><p>Security Maturity Model<br>• Level 0 → Level 4 progression<br>• Incremental risk reduction strategies<br>• Why maturity matters more than tools</p><p>Containment &amp; Sandboxing<br>• Limiting blast radius<br>• Isolating agent execution environments<br>• Preventing lateral movement</p><p>Monitoring &amp; Observability<br>• Logging agent actions and decisions<br>• Detecting misuse or unexpected behavior<br>• Building visibility into autonomous systems</p><p>Defensive Strategy<br>• Designing for least privilege<br>• Avoiding “full access by default”<br>• Treating agents like untrusted users</p><p>#AISecurity #CyberSecurity #AIAgents #LLMSecurity #ArtificialIntelligence #InfoSec #BHIS #AppSec #AgenticAI<br>----------------------------------------------------------------------------------------------<br>About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/<br>About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/<br>About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/<br>About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/<br>About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/</p><p><strong><ul><li>(00:00) - Intro: The Reality of Unsecured AI Agents</li> <li>(00:24) - The Agentic Security Maturity Model Explained</li> <li>(07:20) - Level 0: Total Chaos (Unrestricted Agents)</li> <li>(11:24) - Level 1: Containment and Basic Guardrails</li> <li>(13:24) - Level 2: Controlled Execution</li> <li>(20:32) - Level 3: Monitoring, Logging, and Visibility</li> <li>(27:00) - Level 4: Fully Enforced Agent Security</li> <li>(28:00) - Final Takeaways: Maturity Over Hype</li> </ul><br><a href="https://www.youtube.com/watch?v=rRMNnZQBH3k" title="Click here to watch this episode on YouTube.">Click here to watch this episode on YouTube.</a><br> <br><strong>Creators &amp; Guests</strong> <ul> <li><a href="https://aisecurityops.transistor.fm/people/bronwen-aker">Bronwen Aker</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/brian-fehrman">Brian Fehrman</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/derek-banks">Derek Banks</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/ethan-robish">Ethan Robish</a> - Guest</li> </ul></strong><br>Brought to you by:</p><p><strong>Black Hills Information Security </strong></p><p><a href="https://www.blackhillsinfosec.com/">https://www.blackhillsinfosec.com</a></p><p><br><strong>☯️ Introducing BHIS Fusion Penetration Testing</strong><br><a href="https://www.blackhillsinfosec.com/fusion-penetration-testing/">https://www.blackhillsinfosec.com/fusion-penetration-testing/</a></p><p><strong>Antisyphon Training</strong></p><p><a href="https://www.antisyphontraining.com/">https://www.antisyphontraining.com/</a></p><p><br></p><p><strong>Active Countermeasures</strong></p><p><a href="https://www.activecountermeasures.com/">https://www.activecountermeasures.com</a></p><p><br></p><p><strong>Wild West Hackin Fest</strong></p><p><a href="https://wildwesthackinfest.com/">https://wildwesthackinfest.com</a></p><p><strong>🔗 Register for FREE Infosec Webcasts, Anti-casts &amp; Summits</strong><br><a href="https://poweredbybhis.com/">https://poweredbybhis.com</a> </p><p><strong><a href="https://share.transistor.fm/s/2f66aa55/transcript" title="Click here to view the episode transcript.">Click here to view the episode transcript.</a><br> </strong><br></p>

Episode thumbnail for Introducing Fusion AI Pentest | Episode 57

June 19, 2026

Introducing Fusion AI Pentest | Episode 57

<p>In this episode of BHIS Presents: AI Security Ops, the team introduces a new approach to offensive security:</p><p>Fusion AI Pentesting.<br><a href="https://www.blackhillsinfosec.com/fusion-penetration-testing/">https://www.blackhillsinfosec.com/fusion-penetration-testing/</a></p><p>As AI continues to reshape cybersecurity, one question keeps coming up — is AI replacing pentesters, or just changing how they work?</p><p>This episode answers that directly.</p><p>Rather than replacing human expertise, Fusion combines AI-driven discovery with human-led validation and exploitation, creating a workflow that’s faster, more scalable, and far more effective than either approach alone.</p><p>The result isn’t just more findings — it’s better findings, faster, with real-world impact.</p><p>We dig into:<br>• What “Fusion AI Pentesting” actually means in practice<br>• Why AI alone isn’t enough for real security testing<br>• How human + AI collaboration outperforms either independently<br>• The difference between finding vulnerabilities and proving impact<br>• Where AI excels in offensive security workflows<br>• Where human intuition and experience still matter most<br>• How this approach scales continuous testing and red teaming<br>• Why traditional pentesting models are starting to break down<br>• How organizations should think about integrating AI into security testing<br>• What this means for the future of offensive security</p><p>This episode highlights a key shift in cybersecurity: AI doesn’t replace the pentester — it changes what a great pentester looks like.</p><p>⸻</p><p>📚 Key Concepts &amp; Topics</p><p>Fusion AI Pentesting<br>• Combining AI discovery with human validation<br>• Augmenting—not replacing—pentesters<br>• Faster, more scalable offensive workflows</p><p>AI in Offensive Security<br>• Automated vulnerability discovery<br>• Pattern matching vs real-world exploitation<br>• Limits of AI-only approaches</p><p>Human + AI Collaboration<br>• Human intuition and domain expertise<br>• Chaining vulnerabilities for real impact<br>• Validating and prioritizing findings</p><p>Security Testing Evolution<br>• Continuous testing vs point-in-time pentests<br>• Red teaming with AI-assisted workflows<br>• Changing expectations for coverage and speed</p><p>Defensive Implications<br>• Better signal vs noise in findings<br>• Faster identification of real risk<br>• Preparing for AI-augmented attackers</p><p>#AISecurity #CyberSecurity #Pentesting #ArtificialIntelligence #LLMSecurity #InfoSec #BHIS #RedTeaming #AIAgents</p><p>----------------------------------------------------------------------------------------------<br>About Melisa Wachs - https://www.blackhillsinfosec.com/team/melisa-wachs<br>About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/<br>About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/<br>About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/<br>About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/<br>About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/</p><p><strong><ul><li>(00:00) - Intro: A Different Kind of AI Sec Ops Episode</li> <li>(01:59) - Introducing Fusion AI Pentesting</li> <li>(03:34) - Why AI Alone Isn’t Enough</li> <li>(05:59) - Human vs AI: Strengths and Limitations</li> <li>(09:12) - Finding vs Exploiting Vulnerabilities</li> <li>(11:43) - How Fusion Improves Speed and Coverage</li> <li>(15:06) - Scaling Offensive Security with AI</li> <li>(18:12) - Final Takeaways: The Future of Pentesting</li> </ul><br><a href="https://www.youtube.com/watch?v=owQcfLFs-2c" title="Click here to watch this episode on YouTube.">Click here to watch this episode on YouTube.</a><br> <br><strong>Creators &amp; Guests</strong> <ul> <li><a href="https://aisecurityops.transistor.fm/people/brian-fehrman">Brian Fehrman</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/derek-banks">Derek Banks</a> - Host</li> <li><a href="https://aisecurityops.transistor.fm/people/melisa-wachs">Melisa Wachs</a> - Guest</li> </ul></strong><br>Brought to you by:</p><p><strong>Black Hills Information Security </strong></p><p><a href="https://www.blackhillsinfosec.com/">https://www.blackhillsinfosec.com</a></p><p><br></p><p><strong>Antisyphon Training</strong></p><p><a href="https://www.antisyphontraining.com/">https://www.antisyphontraining.com/</a></p><p><br></p><p><strong>Active Countermeasures</strong></p><p><a href="https://www.activecountermeasures.com/">https://www.activecountermeasures.com</a></p><p><br></p><p><strong>Wild West Hackin Fest</strong></p><p><a href="https://wildwesthackinfest.com/">https://wildwesthackinfest.com</a></p><p><strong>🔗 Register for FREE Infosec Webcasts, Anti-casts &amp; Summits</strong><br><a href="https://poweredbybhis.com/">https://poweredbybhis.com</a> </p><p><strong><a href="https://share.transistor.fm/s/2d464c80/transcript" title="Click here to view the episode transcript.">Click here to view the episode transcript.</a><br> </strong><br></p>

60 total episodes available

Deep-dive analytics for AI Security Ops

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is AI Security Ops?

Join in on weekly podcasts that aim to illuminate how AI transforms cybersecurity—exploring emerging threats, tools, and trends—while equipping viewers with knowledge they can use practically (e.g., for secure coding or business risk mitigation).

How often does this podcast release new episodes?

This podcast updates daily.

Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

Yes, this podcast regularly features guests.

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.