Sign up to save your podcasts
Or
Share #408 - AI vs AI with Joseph Carson
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
#408 - AI vs AI with Joseph Carson
Jeff and Jim welcome Joseph Carson, cybersecurity expert and host of the Security by Default podcast, for a conversation on AI in offensive and defensive security. Joseph shares the real-world incident that inspired his EIC keynote - watching two AI agents negotiate a ransomware payment live. He breaks down how attackers use unconstrained models to lower the skill barrier and accelerate data exfiltration. The conversation covers NATO Lock Shields, the world's largest live cyber defense exercise, identity as national critical infrastructure, and the EU AI Act's risk-based approach. Also: Estonia's AI tax agents, the energy cost of being polite to AI, and the Tamagotchi theory of human-AI relationships.
Connect with Joseph: https://www.linkedin.com/in/josephcarson
NATO Locked Shields: https://ccdcoe.org/exercises/locked-shields/
Security by Default podcast (Spotify): https://open.spotify.com/show/0mzN5M5CkFVLn8fq5TnH0O
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
TIMESTAMPS
00:00 Welcome and intro
03:02 Conference season and IDAC discount codes
04:19 Introducing Joseph Carson and Security by Default
10:18 Optimist or pessimist on identity security
12:30 AI vs. AI - origin of the concept
15:02 Watching two AI agents negotiate a ransomware payment
17:26 The Tamagotchi metaphor for human-AI relationships
19:07 Who is winning the AI cyber arms race
21:00 How AI accelerates attacker capabilities
23:09 Dark web LLMs and bypassing guardrails
26:36 The energy cost of being polite to AI
28:15 Agentic AI skills, campaigns, and the Matrix analogy
31:34 Estonia AI agents filing tax returns
35:14 Introducing NATO Lock Shields
37:00 Protecting a simulated nation from 8,500 cyber attacks
38:08 Why identity is national critical infrastructure
41:18 AI in Lock Shields before and after
43:05 Lock Shields 2025 scoring explained
47:04 The EU AI Act - is it the next GDPR
50:18 Risk-based approach to AI regulation
53:35 Closing thoughts and cautious optimism
54:21 Scuba diving vs. snowboarding
58:05 Wrap-up
KEYWORDS
AI vs AI, agentic AI, identity security, NATO Lock Shields, EU AI Act, Joseph Carson, Security by Default, ransomware, dark web LLMs, guardrails, data exfiltration, phishing, critical infrastructure, Estonia, cyber defense, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald
View all episodes
By Identity at the Center
4.9
4040 ratings
Jeff and Jim welcome Joseph Carson, cybersecurity expert and host of the Security by Default podcast, for a conversation on AI in offensive and defensive security. Joseph shares the real-world incident that inspired his EIC keynote - watching two AI agents negotiate a ransomware payment live. He breaks down how attackers use unconstrained models to lower the skill barrier and accelerate data exfiltration. The conversation covers NATO Lock Shields, the world's largest live cyber defense exercise, identity as national critical infrastructure, and the EU AI Act's risk-based approach. Also: Estonia's AI tax agents, the energy cost of being polite to AI, and the Tamagotchi theory of human-AI relationships.
Connect with Joseph: https://www.linkedin.com/in/josephcarson
NATO Locked Shields: https://ccdcoe.org/exercises/locked-shields/
Security by Default podcast (Spotify): https://open.spotify.com/show/0mzN5M5CkFVLn8fq5TnH0O
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
TIMESTAMPS
00:00 Welcome and intro
03:02 Conference season and IDAC discount codes
04:19 Introducing Joseph Carson and Security by Default
10:18 Optimist or pessimist on identity security
12:30 AI vs. AI - origin of the concept
15:02 Watching two AI agents negotiate a ransomware payment
17:26 The Tamagotchi metaphor for human-AI relationships
19:07 Who is winning the AI cyber arms race
21:00 How AI accelerates attacker capabilities
23:09 Dark web LLMs and bypassing guardrails
26:36 The energy cost of being polite to AI
28:15 Agentic AI skills, campaigns, and the Matrix analogy
31:34 Estonia AI agents filing tax returns
35:14 Introducing NATO Lock Shields
37:00 Protecting a simulated nation from 8,500 cyber attacks
38:08 Why identity is national critical infrastructure
41:18 AI in Lock Shields before and after
43:05 Lock Shields 2025 scoring explained
47:04 The EU AI Act - is it the next GDPR
50:18 Risk-based approach to AI regulation
53:35 Closing thoughts and cautious optimism
54:21 Scuba diving vs. snowboarding
58:05 Wrap-up
KEYWORDS
AI vs AI, agentic AI, identity security, NATO Lock Shields, EU AI Act, Joseph Carson, Security by Default, ransomware, dark web LLMs, guardrails, data exfiltration, phishing, critical infrastructure, Estonia, cyber defense, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald
More shows like Identity at the Center
View all
Security Now (Audio)
2,011 Listeners
Risky Business
371 Listeners
HBR IdeaCast
154 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
The Diary Of A CEO with Steven Bartlett
8,876 Listeners
Darknet Diaries
8,077 Listeners
Hacking Humans
315 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,254 Listeners
Cybersecurity Headlines
139 Listeners
The Ezra Klein Show
16,525 Listeners
Honestly with Bari Weiss
8,447 Listeners
The Rest Is Politics
3,858 Listeners
Rabona
4 Listeners
Fotballpodcasten Dødball
0 Listeners