A new take on bug bounties, AI red teams and our New Year’s resolutions
Date: 2025-12-29
Say your cloud storage service gets hacked. Say the attackers broke in by exploiting a vulnerability in an open-source library your organization used to build the service. Who owns that vulnerability?
Microsoft is trying to clear some of the smog obscuring the software supply chain by expanding its bug bounty program to include some third-party code that affects its services. In this episode of Security Intelligence, panelists Jeff Crume, Nick Bradley and Claire Nuñez discuss what that move means for cybersecurity responsibility models going forward. We also analyze how a three-year-old LastPass breach is still giving cybercriminals new credentials to steal. Turns out “harvest now, decrypt later” isn’t just a quantum concern.
Plus: OpenAI fights prompt injections with an automated, AI-powered red team, hackers have a new tool to make ClickFix attacks even easier and we share the New Year’s resolutions we hope organizations will make in 2026. All that and more on Security Intelligence!
00:00 — Introduction
1:11 — Cybersecurity resolutions
6:51 — Microsoft’s new bug bounties
14:00 — The LastPass breach’s long tail
26:07 — Automated red teaming
33:22 — ClickFix-as-a-service
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.