Microsoft Threat Intelligence Podcast

AI Recommendation Poisoning: When Optimization Becomes Manipulation

In this episode of the Microsoft Threat Intelligence Podcast, Sherrod DeGrippo speaks with Microsoft security and AI researchers Giorgio Severi and Noam Kochavi about a newly observed trend in AI abuse: recommendation poisoning through memory manipulation.  While looking into prompt injection and reprompt-style behaviors, the team uncovered something quieter but potentially more persistent—websites embedding hidden instructions inside Summarize with AI links that attempt to influence what an AI assistant remembers and recommends over time.  Rather than focusing on immediate exploitation, this technique aims to shape long-term behavior inside AI systems. Giorgio and Noam explain how it works, why it’s spreading across industries, where legitimate marketing tactics can blur into security risk, and what defenders and users should understand about managing AI memory in an increasingly agent-driven environment.  In this episode you’ll learn:       How AI memory poisoning differs from traditional prompt injection  Why legitimate businesses are using memory manipulation tactics  What threat hunters can look for inside enterprise telemetry   Some questions we ask:      How is memory poisoning different from prompt injection?  What are the long-term risks of embedding bias into AI memory?  Could this technique be used for more harmful influence beyond marketing?    Resources:   View Giorgio Severi on LinkedIn   View Noam Kochavi on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 

Unpacking the Latest Threats Targeting the Financial Services Industry

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Megan Stalling and Anna Seitz to examine how financially motivated threat actors are using familiar, low-complexity techniques to drive real-world impact across the financial services sector.  They examine Storm-0727, a financially motivated threat actor targeting cryptocurrency, financial services, and government entities, highlighting how simple techniques like financial-themed lures, macro-enabled documents, and credential theft allow attackers to quietly establish and maintain access. The conversation then expands to broader financial-services threat trends, including business email compromise, ransomware with data extortion, phishing-as-a-service, and why social engineering and unpatched vulnerabilities continue to succeed even in mature security environments.  In this episode you’ll learn:       How credential theft helps attackers maintain persistence  Why social engineering works even in well-secured environments  How Storm-0727 targets financial services and cryptocurrency organizations  Some questions we ask:      What happens after a victim opens a macro-enabled document used by Storm-0727?  How are phishing as a service platforms changing the threat landscape?  What major threat trends are currently shaping the financial services sector?    Resources:   View Megan Stalling on LinkedIn   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

Fact vs Hype: How Threat Actors Are Really Using AI Right Now

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researcher Crane Hassold and Digital Defense Report lead Chloe Mesdaghi for a grounded, practitioner-led discussion on where artificial intelligence actually stands today. Moving beyond hype and fear-driven narratives, the conversation examines how AI is realistically being used by threat actors, where its impact is often overstated, and why defenders currently stand to gain the most from AI-driven tooling.   The episode explores AI’s strengths in detection, triage, and workflow acceleration, the psychology and incentives that shape attacker behavior, and emerging risks such as prompt injection and AI systems becoming direct attack targets.  In this episode you’ll learn:       Where AI is genuinely being used in real-world cyber operations  Why AI systems themselves are becoming attractive targets for attackers  How AI is accelerating defensive workflows like detection engineering and threat triage   Some questions we ask:      What does AI do well right now, and where has it been overpromised?  Does AI shift the balance of power toward defenders or attackers?  Why are prompt injection and agent manipulation such serious concerns?    Resources:   View Chloé Messdaghi on LinkedIn   View Crane Hassold on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 

Open SesameOp: Abusing trusted AI platforms to host a C2 server

To kick off Season 3 of Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Jonathan Checchi.   Our guests examine two developments shaping today’s threat landscape: the cloud-native evolution of ransomware group Storm-0501 and the SesameOp backdoor’s abuse of trusted AI platforms for stealthy command-and-control. The discussion highlights how identity, hybrid-cloud pivot points, and federated authentication enable high-impact attacks without traditional malware, and why policy-compliant platform abuse is becoming harder to detect.   Sherrod, Anna, and Jonathan provide guidance for defenders around enforcing MFA, tightening conditional access and identity controls, monitoring across cloud and on-prem environments, and partnering with platform providers to disrupt emerging attacker tradecraft.  In this episode you’ll learn:       What happens when threat actors gain control of highly privileged identities  Why monitoring identity behavior is as critical as monitoring endpoints  How attacker tactics are adapting to environments that blend cloud and on-prem systems   Some questions we ask:      What does recent threat activity tell us about where the landscape is headed?  How is Storm-0501 using federated authentication in their operations?  What should security teams focus on as AI becomes more integrated into systems?  Resources:   View Anna Seitz on LinkedIn   View Sherrod DeGrippo on LinkedIn    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network. 

Whisper Leak: How Threat Actors Can See What You Talk to AI About

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Geoff McDonald and JBO to discuss Whisper Leak, new research showing that encrypted AI traffic can still unintentionally reveal what a user is asking about through patterns in packet size and timing.   They explain how LLM token streaming enables this kind of side-channel attack, why even well-encrypted conversations can be classified for sensitive topics, and what this means for privacy, national-level surveillance risks, and secure product design. The conversation also walks through how the study was conducted, what patterns emerged across different AI models, and the steps developers should take to mitigate these risks.  In this episode you’ll learn:       Why packet sizes and timing patterns reveal more information than most users realize  How user-experience choices like showing streamed text create a larger attack surface  The difference between classic timing attacks and the new risks uncovered in Whisper Leak    Resources:   View JBO on LinkedIn  View Geoff McDonald on LinkedIn    View Sherrod DeGrippo on LinkedIn    Learn more about Whisper Leak     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft, Hangar Studios and distributed as part of N2K media network.