Decipher Security Podcast

Hosted by Decipher

Episodes: 359
Latest episode: Jun 2026
Language: EN

About the show

Every week, Dennis Fisher and Lindsey O'Donnell-Welch, the editors of Decipher, bring you exclusive, in-depth conversations with security researchers, CISOs, founders, and security experts to help you understand the threat landscape and better protect your organizations.

Listen to episodes

60 recent
June 16, 2026, 41 min

How Much Do Data Breaches Really Cost? | Alex Pinto

Alex Pinto, one of the lead authors of the Verizon Data Breach Investigations Report, joins Dennis to talk about his organization's newest publication, the Breach Impact Study, which digs into the real-world cost of breaches, both in dollars and in organizational impact. Spoiler: Breaches are expensive.
Verizon BIS: https://www.verizon.com/business/resources/reports/2026-breach-impact-study-dbir.pdf

June 12, 2026, 32 min

The Shrinking Exploit Window, Patch Schedule Changes, and the Vulnpocalypse

This week was blessedly free of any major supply chain compromises, so we start by talking about new research from Anthropic on the shrinking window between bug disclosure and exploitation, then we discuss the changing patch schedule for Cisco and how all of this is changing the prioritization process for security teams, and finally we discuss some upcoming episodes and our latest hacker movie podcast on The Conversation.
Links:
Anthropic research: https://decipher.sc/2026/06/10/anthropic-warns-of-llms-impact-on-already-shrinking-n-day-exploit-gap/
Cisco patch change: https://blogs.cisco.com/security/strengthening-the-foundation-a-predictable-customer-focused-response-to-ai-accelerated-vulnerability-discovery
The Vulnpocalypse: https://thevulnpocalypse.com/

June 8, 2026, 58 min

How The Conversation Predicted Our Surveillance Society 50 Years Ago

Perhaps no film captures the paranoia and anxiety of the 1970s better than The Conversation, Francis Ford Coppola's masterpiece about reclusive surveillance expert Harry Caul, a man who it's safe to say has some demons. Decades before we all agreed to carry tracking and recording devices in our pockets, The Conversation shows us just how invasive and damaging technology can be.

June 5, 2026, 36 min

Shai Hulud Returns, How Attackers are Using AI, and More Weird MSRC Behavior

We regret to inform you that there are more npm supply chain attacks this week, and a new variant of the Shai Hulud worm is involved. We also talk about the new analysis from Anthropic on a year of data relating to how attackers are using AI in their operations, and the continuing adventures of Microsoft's relationship with security researchers.

May 29, 2026, 45 min

Microsoft Has Forgotten Its Vulnerability Disclosure History

The recent Nightmare-Eclipse zero-day drop and attendant drama has stirred up all kinds of trouble and unfortunately spurred Microsoft to publish a post scolding security researchers for not using the "proper channels" to disclose bugs, threatening legal action, and generally dredging up every hobby horse from the threadbare disclosure debate.
Links:
MSRC post: https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure
Decipher story: https://decipher.sc/2026/05/28/the-past-is-always-present-in-vulnerability-disclosure/
Expel event: https://info.expel.com/event-mythos-unhappy-hour.html

May 25, 2026, 1 hr 18 min

Lessons in Resilience, Perseverance, and Leadership With Matt Eversmann

After being caught in one of the more notorious battles in modern American history, Matt Eversmann's military career has become the stuff of legend. The Battle of Mogadishu, immortalized in the book and movie Black Hawk Down, was a pivotal event in U.S. history and in the lives of Matt and his fellow soldiers. Now retired from the army and focusing on training the next generation of leaders, Matt joins Dennis Fisher to talk about his career, what he's learned from his failures and successes, and how vital resilience and perseverance are for success in any field. Matt's biography: https://thayerleadership.com/team-member/first-sergeant-matt-eversmann/

May 22, 2026, 22 min

Chain Chain Chain of Compromises

In the spring, a young attacker's fancy turns to supply chain compromises, and this season's crop includes the GitHub breach and the Grafana intrusion, which are connected and trace back to the TanStack supply chain attack and...TeamPCP.
Links:
Grafana attack: https://decipher.sc/2026/05/17/grafana-investigating-token-compromise-and-extortion-attempt/
GitHub breach: https://decipher.sc/2026/05/20/github-confirms-internal-breach/

May 19, 2026, 43 min

What the Data Tells Us About Claude Mythos and Bug Exploitability | Jay Jacobs and Michael Roytman

Finding a huge pile of bugs with Claude Mythos is great, but the logical next step is figuring out how many of those vulnerabilities are likely to be exploited in the near future. Jay Jacobs and Michael Roytman of Empirical Security join Dennis to talk about how the Exploit Prediction Scoring System can help teams make informed decisions and prioritize patching the most important vulnerabilities. Jay and Michael are pioneers in the data-driven security field and help steer the EPSS effort.

May 15, 2026, 53 min

Solving Hard Security Problems With an Outsider's Perspective | Sravish Sridhar

Unlike a lot of founders in the industry, Sravish Sridhar hasn't spent his career in the security world. He comes from a background in distributed computing and advanced math, and is a successful entrepreneur who's now bringing that experience to bear at TrustCloud, where he's helping CISOs automate and streamline their compliance programs.

May 13, 2026, 38 min

AI Has a Security Measurement Problem | Gary McGraw

Few people (if any) have spent more time thinking about and working on the hard problems in security and software than Gary McGraw, and he also happens to have a PhD in cognitive science and computer science and has been studying neural nets and AI systems for 30+ years. Gary joins Dennis to talk about his team's new research into AI security benchmarks, measurement, and bringing a software security approach to LLMs and AI systems.
Links:
BIML report: https://berryvilleiml.com/results/no-security-meter-ai.pdf
