How are AI and automation shaping both the attack and defense sides of cybersecurity?

On this episode of Digital Disruption, we’re joined by the founder and CEO of Have I Been Pwned, Troy Hunt.

Troy Hunt is an Australian security researcher and the founder of the data breach notification service, Have I Been Pwned. With a background in software development specializing in information security, Troy is a regular conference speaker and trainer. He frequently appears in the media, collaborates with government and law enforcement agencies, and has appeared before the U.S. Congress as an expert witness on the impact of data breaches. Troy also serves as a Microsoft Regional Director (an honorary title) and regularly blogs at troyhunt.com from his home on Australia’s Gold Coast.

Troy sits down with Geoff to share eye-opening insights on the evolving threat landscape of 2025 and beyond. Despite the rise of AI and automation, Troy emphasizes that many of today’s most damaging data breaches and ransomware attacks still stem from basic human error and social engineering. He explains how ransomware has shifted from encrypting files to threatening data disclosure, making it harder for organizations to manage risk and justify ransom payments. The conversation also touches on how breach fatigue and apathy have led many individuals and businesses to underestimate cybersecurity risks, even as incidents rise globally. He also highlights how AI tools are being weaponized by both defenders and attackers and argues that cybersecurity isn’t about perfect protection but about finding equilibrium: balancing usability, education, and risk mitigation.

In this episode:

00:00 Intro

01:15 Why human weakness beats AI

02:00 Young hackers and the rise of scattered spider

04:00 From hacktivists to career criminals

05:00 Ransomware’s new tactics

07:30 Should companies pay the ransom?

10:20 Can you ever be fully protected? Defense vs. response

11:20 How to convince boards cybersecurity is worth the money

14:20 Breach fatigue and public apathy

18:00 Reframing what ‘sensitive data’ really means

20:00 Passwords, reuse, and the real risk equation

24:00 Biometrics, face ID & the future of authentication

26:30 Threat Modeling 101

27:30 Barriers to cyber preparedness

29:30 How Have I Been Pwned works

32:00 The Future of Data Breaches

38:00 Microsoft’s Role in the Security Ecosystem

40:30 AI Hype vs. reality in cybersecurity

43:00 When AI helps hackers

52:00 Why transparency still matters after every breach

54:00 Accepting risk, building resilience

Connect with Troy:

Website: https://www.troyhunt.com/

LinkedIn: https://www.linkedin.com/in/troyhunt/

X: https://x.com/troyhunt

Visit our website: https://www.infotech.com/?utm_source=youtube&utm_medium=social&utm_campaign=podcast

Follow us on YouTube: https://www.youtube.com/@InfoTechRG