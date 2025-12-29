A new take on bug bounties, AI red teams and our New Year’s resolutions

Say your cloud storage service gets hacked. Say the attackers broke in by exploiting a vulnerability in an open-source library your organization used to build the service. Who owns that vulnerability? 

Microsoft is trying to clear some of the smog obscuring the software supply chain by expanding its bug bounty program to include some third-party code that affects it services. In this episode of Security Intelligence, panelists Jeff Crume, Nick Bradley and Claire Nuñez discuss what that move means for cybersecurity responsibility models going forward. We also analyze how a three-year-old LastPass breach is still giving cybercriminals new credentials to steal. Turns out “harvest now, decrypt later” isn’t just a quantum concern.

Plus: OpenAI fights prompt injections with an automated, AI-powered red team, hackers have a new tool to make ClickFix attacks even easier and we share the New Year’s Resolutions we hope organizations will make in 2026. All that and more on Security Intelligence!

  • 00:00 — Introduction 
  • 1:11 — Cybersecurity resolutions
  • 6:51 — Microsoft’s new bug bounties 
  • 14:00 — The LastPass breach’s long tail 
  • 26:07 — Automated red teaming 
  • 33:22 — ClickFix-as-a-service

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Watch all the episodes
Subscribe now on your favorite platform YouTube Spotify Apple Podcasts Casted
Explore more episodes Why it costs so much to get hacked in America Cybersecurity’s year in review: ClickFix attacks, vibecoding vulnerabilities, shadow agents and more AI browser bans and the top software flaws of 2025
You might also like Google’s Gemini 3: AI agents, reasoning and search mode AI and cyber resilience: What every C-Suite must know What is a data breach?

Related resources

Close-up of person's hand holding a shield icon with padlock inside, with neural pathways connected to it
Learn more about cybersecurity
3D render of two translucent cubes
Cost of a Data Breach Report 2025
IBM Think Podcast thumbnail for Techsplainers
Whats is a data breach?
Back view of person working on computer in a server room
What is social engineering?
AI in Action Podcast artwork
When AI governance meets cybersecurity

Latest podcast episodes

Podcasts

Listen to engaging discussions with tech leaders. Watch the latest episodes.

 Listen to all IBM Think podcasts
Mixture of Experts podcast album art
AI code generation: Wins, fails and the future
Techsplainers by IBM - audio podcast album art
What is a multi-agent system?
Security Intelligence podcast album art
The defining cybersecurity stories of 2025
The Coherence Times podcast album art
When will quantum computers beat classical computers?
MASTERS: AI in Action Podcast AI in Action thumbnail Think newsletter
How UFC uses AI to turn data into real-time insights
Techsplainers by IBM - audio podcast album art
What is generative AI?
Mixture of Experts podcast album art
Disney's AI bet: USD 1B OpenAI content deal explained
Security Intelligence podcast album art
AI browser bans and the top software flaws of 2025
Transformers podcast artwork
From Elephants to AI Agents: A CXO Survival Guide
The Coherence Times podcast album art
Using quantum computers to uncover the mysteries of quantum physics
Techsplainers by IBM - audio podcast album art
What is AI MLOps?
Smart Talks with IBM podcast artwork
Unlocking Our Quantum Future
Transformers podcast artwork
Adaptability Quotient: The CIO edge in an AI world
Smart Talks with IBM podcast artwork
Creating Smarter Business with AI and Quantum
Mixture of Experts podcast album art
Why language models hallucinate, revisiting Amodei’s code prediction and AI in the job market
Follow us

Follow us on Apple Podcasts and Spotify.

 Catch every episode
Cyber security concept and internet privacy data protection Modern showing padlock protecting business and financial data to protect persona