Jeff Crume and Patrick Fussell from IBM's X-Force team share a real-world ethical hacking war story, demonstrating an attack from an 'assume breach' perspective. They break down how vulnerabilities in Identity and Access Management (IAM) and legacy systems can lead to a full compromise, starting from an insider threat and escalating to domain administrator privileges through advanced C2 attacks and lateral movement.
In this discussion, experts Sridhar Muppidi and Cris Thomas explore the security implications of emerging AI technologies. They analyze new attack vectors using malicious AI agents, the critical gap in AI governance, the evolution of malware to mimic human behavior, and a novel smishing scheme designed to manipulate stock markets. The conversation also covers the current state and future of bug bounty programs in an AI-driven world.
Bob Kalka from IBM and Tyler Lynch from HashiCorp discuss the critical disconnect between managing human and non-human identities, which contributes to 80% of all cyberattacks. They introduce the concept of an 'Identity Fabric'—an AI-augmented approach to unify existing tools—and outline six key use cases and a three-phase strategy to address modern identity and access management (IAM) challenges.
A breakdown of key findings from the IBM 2025 Cost of a Data Breach Report, focusing on the financial impact of breaches, the dual role of AI in attacks and defense, primary threat vectors, and actionable recommendations for improving security posture.