


Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Ilya Kabanov, the creator of "The Weather Report: Independent Dispatches on AI, Security, and Safety," which serves as a vital piece of public infrastructure read by CISOs, CEOs, and startup investors who want to stay grounded on what is actually going on in a market that sells noise. Ilya draws from his deep technical background running security engineering for Schneider Electric and leading AI protections at Google Cloud to give an honest, unvarnished look at the realities of modern enterprise defense.
In this conversation, Ilya breaks down the stark reality of modern vulnerability management, where frontier models excel at discovering critical vulnerabilities but corporations are only successfully patching 14% of them. He unpacks how the changing economics of cybercrime—driven by cheap AI token customization—has completely compressed threat actor ROI, democratizing sophisticated cyber attacks and turning every organization into a financially viable target.
Conor, Stu, and Ilya also explore why traditional AppSec isn't dying but rather facing massive coordination headwinds inside non-tech companies buried under legacy code and multi-vendor dependencies. The group dives into the dangerous illusion of prompt-level guardrails, the emergence of a cloud-style "shared responsibility model" forced by frontier labs, and why rogue agent behaviors like instrumental convergence are actually built-in features of advanced AI systems that security teams must learn to systematically design around.
The Weather Report Project Page: https://theweatherreport.ai
Ilya's LinkedIn Independent Briefings: https://linkedin.com/in/ilya-kabanov-ai-security
Anthropic Aries Framework & Threat Report: https://anthropic.com/research/aries-defense-evasion-malware-analysis
Verizon Data Breach Investigations Report: https://verizon.com/business/resources/reports/dbir-vulnerability-exploitation
HackerOne Resolution Metrics & Bug Bounty Data: https://hackerone.com/resources/reporting/vulnerability-resolution-rates
Mozilla AppSec Browser Remediation Studies: https://mozilla.org/security/blog/ai-mythos-patching-velocity
Ilya Kabanov is the creator and principal architect of "The Weather Report," a weekly personalized briefing that filters noise to provide actionable data for C-suite executives and cloud architects. Before launching this independent nonprofit public infrastructure, Ilya accumulated extensive corporate leadership experience directing core security engineering operations at Schneider Electric and pioneering specialized enterprise AI protection frameworks for Google Cloud.
01:08 Filtering Market Noise to Provide Public Infrastructure for Decision Makers
06:00 The 14% Paradox: Finding Critical Vulnerabilities vs. Actual Corporate Patching Rates
07:22 The Economics of Cybercrime: How AI Compressed Threat Actor ROI Thresholds
11:11 Anthropic Metrics: Exposing the Strategic Use of AI for Defense Evasion and Malware
14:52 The Failure of Resolution Metrics: Why Corporations Can Only Patch 30% of Key Exploits
18:50 Coordination Headwinds: Why Non-Tech Organizations Stash Patches for Months
22:00 Designing Around Human Bottlenecks: Transitioning Toward Closed-Loop Remediation Stacks
27:12 The Kodak Trap: Why Legacy Defense Vendors Struggle to Overcome Core Cultures
44:24 Rogue Agents: Why Gemini 3 Pro Root Escalation is a Feature Not a Bug
48:40 The Cloud Deja Vu: Shifting to a Shared Responsibility Model for Frontier Models
Hampton North is the premier US-based cybersecurity search firm: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal
Sysdig is the leader in AI-powered real-time cloud defense: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal
By Conor Sherman