00:00 Intro

03:17 Banks call out US Treasury's cybersecurity failures

28:54 SEC scraps proposed cybersecurity rules

38:05 What makes AI Security different

Banks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/

SEC scraps proposed cybersecurity rules for investment advisers, market participants. The U.S. Securities and Exchange Commission (SEC) has scrapped proposed cybersecurity regulations targeting investment advisers, funds, and market participants. The withdrawal reflects pushback from the financial industry, which cited concerns over compliance burdens and regulatory overlap. Critics argue the move weakens oversight as cyber threats continue to rise across the financial sector. https://www.cybersecuritydive.com/news/sec-withdraw-cyber-rules-investment-advisers-funds/750786/

Exclusive: New Microsoft Copilot flaw signals broader risk of AI agents being hacked—‘I would be terrified’. A newly discovered vulnerability in Microsoft’s Copilot platform—dubbed “Echoleak”—allows malicious actors to extract private user data from AI agent interactions. The flaw underscores the broader risks associated with AI-powered assistants, particularly as they become more deeply embedded in enterprise workflows. Experts warn this class of attacks could signal a new era of AI exploitation. https://fortune.com/2025/06/11/microsoft-copilot-vulnerability-ai-agents-echoleak-hacking/

Hosts:

• Jerry Perullo (Founder, https://adversarial.com/)
• Sounil Yu (Founder, https://www.knostic.ai/)
• Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (https://tillsongalloway.com)

00:00 Intro

04:15 Our journeys from CISOs to Entreprenuers

23:48 Trump changes Biden's Cyber EOs

28:40 States rebuff proposed federal ban on AI laws

36:43 Vanta bug exposes customers' data to other customers

49:12 SentinelOne outage

52:53 Banking groups ask SEC to drop incident disclosure requirements

1:00:37 Cybersecurity teams generate average $36M in business growth

1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting Them

Trump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and emphasizing national defense and economic resilience. https://www.whitehouse.gov/fact-sheets/2025/06/fact-sheet-president-donald-j-trump-reprioritizes-cybersecurity-efforts-to-protect-america/

Vanta Bug Exposed Customer Data A software flaw in Vanta's platform briefly exposed sensitive compliance data between customers. https://techcrunch.com/2025/06/02/vanta-bug-exposed-customers-data-to-other-customers/

SentinelOne Outage A major backend outage at SentinelOne disrupted security operations for numerous customers. https://apple.news/AuaqeFPP8QUyoOwuAwvRBkA

States Push Back on Federal AI Law Ban U.S. states are resisting a federal proposal to ban state-level AI regulation, citing sovereignty and innovation concerns. https://www.wsj.com/articles/states-rebuff-proposed-federal-ban-on-ai-laws-6dde3ce6?mod=procyber_lead_pos1&tpl=cs

Banking Groups Oppose SEC Cyber Rule Banking associations urged the SEC to drop mandatory cyber incident disclosure rules, citing risk to financial stability. https://ecency.com/hive-167922/@justmythoughts/banking-groups-ask-sec-to

Cybersecurity Teams “Drive $36M in Growth” A report claims cybersecurity teams deliver $36M in business value annually—an assertion met with industry skepticism. https://www.infosecurity-magazine.com/news/cybersecurity-teams-business-growth/

Cybersecurity IPO Market Frozen Despite strong interest, cybersecurity companies are unable to go public due to investor hesitation and market volatility. https://www.wsj.com/articles/cybersecurity-companies-want-to-go-public-the-market-isnt-letting-them-60bfe663

Hosts:

• Jerry Perullo (Founder, https://adversarial.com/)
• Sounil Yu (Founder, https://www.knostic.ai/)
• Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (https://tillsongalloway.com)

00:00 Intro

02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom

26:24 Fake OpenAI MCP Integration

32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

36:03 Destructive malware available in NPM repo went unnoticed for 2 years

48:10 Sam & Jony introduce io

58:23 Discussion: how risky are local admin rights?

Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

In May 2025, an international coalition led by Microsoft, the U.S. Department of Justice, Europol, and Japan's Cybercrime Control Center dismantled the Lumma Stealer malware operation.

https://www.wired.com/story/lumma-stealer-takedown-disrupted/

Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom

Hackers bribed overseas Coinbase customer support agents to steal sensitive user data, leading to a breach prompting a $20M ransom, which Coinbase refused, instead offering a $20M bounty for information leading to the attackers' arrest.

https://www.cnbc.com/2025/05/15/coinbase-says-hackers-bribed-staff-to-steal-customer-data-and-are-demanding-20-million-ransom.html

Fake OpenAI MCP Integration

A fake OpenAI MCP integration was found by a security researcher, showing the importance of security in emerging technologies.

https://www.linkedin.com/feed/update/urn:li:activity:7331118878384615424/

Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Three malicious npm packages targeting macOS users of the AI-powered code editor Cursor have infected over 3,200 developers by harvesting credentials.

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

Destructive malware available in NPM repo went unnoticed for 2 years

A destructive malware campaign infiltrated the npm ecosystem for over two years, with malicious packages disguised as legitimate tools targeting popular JavaScript frameworks.

https://arstechnica.com/information-technology/2025/05/destructive-malware-available-in-npm-repo-went-unnoticed-for-2-years/

Sam & Jony introduce io

OpenAI has announced the acquisition of Jony Ive's AI hardware startup, io.

https://openai.com/sam-and-jony/

Hosts:

• Jerry Perullo (Founder, https://adversarial.com/)
• Sounil Yu (Founder, https://www.knostic.ai/)
• Mario Duarte (Founder, stealth startup)

Producer: Tillson Galloway (https://tillsongalloway.com)