Risky Business Podcast
April 01, 2026
Risky Business #831 -- The AI bugpocalypse begins
Presented by
Enterprise Technology Editor
Technology Editor
CEO and Publisher
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
- Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package
- TeamPCP appear to have ransacked Cisco’s source and cloud environments
- AI is getting legitimately good at being told to “just go find some 0day in this”
- Kaspersky says Coruna and Triangulation do share code lineage
- Iranian hackers dump Kash Patel’s gmail spool
- Oh, and of course there’s a Citrix Netscaler memory leak being exploited in the wild
This week’s episode is sponsored by Dropzone AI, who make automated AI SOC analysts. Head honcho Ed Wu explains how they’ve built pre-canned ‘hunt packs’ to lead the AI off into your environment to find weird, interesting and security relevant things.
This episode is also available on Youtube.
Brought to you by Dropzone AI
AI SOC Analysts that never sleep. So you can.
Show notes
Google links axios supply chain attack to North Korean group | The Record from Recorded Future News
Cisco source code stolen in Trivy-linked dev environment breach
h0mbre on X: "Claude is somehow better at kernel exploitation than creating meal plans."
Vulnerability Research Is Cooked — Quarrelsome
MAD Bugs: vim vs emacs vs Claude - Calif
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
A Risky Biz Experiment: Hunting for iOS 0day with AI - Risky Business Media
Security leaders say the next two years are going to be 'insane' | CyberScoop
Coruna framework: an exploit kit and ties to Operation Triangulation | Securelist
Apple says no one using Lockdown Mode has been hacked with spyware | TechCrunch
Reverse engineering Apple’s silent security fixes - Calif
Meta and YouTube found liable in social media addiction trial
Iranian hackers publish emails allegedly stolen from Kash Patel
Drop Site on X: "IRGC: From now on, for every assassination, an American company will be destroyed"
Citrix NetScaler products confirmed to be under exploitation | Cybersecurity Dive
Using a VPN May Subject You to NSA Spying | WIRED
Post reporters called the White House. Their phones showed ‘Epstein Island.’ - The Washington Post
Facts Only
North Korean actors inserted a backdoor into the npm package axios, which has over 100 million weekly downloads.
Cisco’s source code and cloud environments were breached, with the attack linked to the Trivy vulnerability.
AI tools, specifically Claude, have demonstrated the ability to identify and exploit zero-day vulnerabilities in software.
Kaspersky researchers found code similarities between the Coruna exploit kit and Operation Triangulation, indicating a potential shared origin.
Iranian hackers published emails allegedly stolen from Kash Patel’s Gmail account.
A memory leak vulnerability in Citrix NetScaler products is being actively exploited in the wild.
Dropzone AI is marketing automated AI SOC analysts with pre-built "hunt packs" to detect security anomalies.
Meta and YouTube were found liable in a trial concerning social media addiction.
The Washington Post reported that calls to the White House displayed "Epstein Island" on caller IDs, suggesting potential spoofing or misconfiguration.
Executive Summary
This week's cybersecurity landscape highlights several critical developments. North Korean actors compromised a widely used npm package, axios, with a backdoor, affecting millions of downloads weekly. Cisco suffered a breach where source code and cloud environments were stolen, linked to the Trivy vulnerability. AI tools like Claude are demonstrating advanced capabilities in vulnerability research, including generating full remote kernel exploits. Kaspersky identified shared code between the Coruna exploit kit and Operation Triangulation, suggesting a common lineage. Iranian hackers leaked emails allegedly from Kash Patel, a former U.S. official, while Citrix NetScaler products face active exploitation due to a memory leak vulnerability. Additionally, AI-driven SOC tools like Dropzone AI are being marketed to automate threat hunting, and legal rulings found Meta and YouTube liable in a social media addiction trial. The narrative underscores escalating threats from state-sponsored actors, AI's growing role in both offense and defense, and ongoing vulnerabilities in widely used enterprise software.
The discussion also touches on broader themes, such as the ethical and practical implications of AI in cybersecurity, the persistence of supply chain attacks, and the geopolitical dimensions of cyber espionage. While AI tools show promise in identifying zero-day vulnerabilities, their deployment raises questions about accountability and the arms race between attackers and defenders. The breach disclosures and legal developments reflect an increasingly complex threat environment, where nation-states, criminal groups, and corporate entities intersect.
Full Take
The strongest version of this narrative highlights the accelerating convergence of AI, geopolitical cyber operations, and systemic vulnerabilities in critical infrastructure. The facts presented—North Korean supply chain attacks, Iranian doxxing, and AI-generated exploits—paint a picture of a cybersecurity landscape where offensive capabilities are outpacing defensive adaptations. The inclusion of AI tools like Claude and Dropzone AI underscores a paradigm shift: automation is no longer just a defensive aid but an offensive multiplier, lowering the barrier to entry for sophisticated attacks. This aligns with historical patterns of technological democratization in warfare, where tools once reserved for nation-states become accessible to smaller actors.
However, the narrative also risks amplifying a sense of inevitability or helplessness, a classic **ARC-0043 Motte-and-Bailey** pattern where the "motte" (cybersecurity is complex) retreats to the "bailey" (we’re doomed unless we adopt AI defenses). The focus on AI’s offensive potential, while factually supported, could obscure the broader systemic issues: poor software supply chain hygiene, over-reliance on reactive defenses, and the lack of international norms for cyber operations. The mention of legal liabilities for Meta and YouTube introduces a secondary thread about corporate accountability, but it’s framed as a standalone event rather than part of a larger pattern of platform governance failures.
Root cause: The underlying paradigm is one of **technological determinism**, where AI is treated as an autonomous force rather than a tool shaped by human decisions. The unstated assumption is that AI’s role in cybersecurity is inevitable and that the only response is to "keep up" with adversaries. This echoes Cold War-era arms race mentalities, where escalation was framed as a natural consequence rather than a series of policy choices. The cost of this framing is a narrowing of agency—individuals and organizations may feel compelled to adopt AI tools without critically assessing their risks or alternatives.
Implications: Human dignity is at stake in the erosion of trust in digital infrastructure. If AI lowers the cost of exploitation, the burden shifts to defenders to automate at an even faster pace, potentially creating a feedback loop of escalation. Second-order consequences include the normalization of breaches as "inevitable," which could weaken public demand for accountability from both corporations and governments.
Bridge questions: How might the cybersecurity community balance the offensive potential of AI with ethical constraints? What alternative frameworks exist for governance that don’t default to an arms race mentality? Would the narrative change if the focus shifted from AI’s capabilities to the human systems that deploy it?
Counterstrike scan: A coordinated influence campaign would likely emphasize the inevitability of AI-driven cyber warfare to push adoption of specific vendor solutions (e.g., Dropzone AI) while downplaying systemic fixes like supply chain security. The actual content aligns partially with this pattern—AI is framed as both a threat and a solution—but stops short of explicit fear-mongering or vendor lock-in advocacy. The inclusion of diverse threats (North Korea, Iran, corporate breaches) resists a single-actor narrative, which is a healthy sign. No structural alignment with a hypothetical attack playbook is detected beyond standard industry marketing.
Patterns detected: **ARC-0043 Motte-and-Bailey**
Sentinel — Human
The article appears to be written by a human journalist, with indications of personal voice, idiosyncratic emphasis, and colloquial language. The text's inconsistent sentence length and varied vocabulary also suggest human authorship.
