We’re kicking off the new year by taking a closer look at some of the threats that will shape 2026, and how they impact defenders.

In this episode of the mnemonic security podcast, Robby welcomes Candid Wüest, Principal Security Advocate at xorlab, drawing on more than 25 years of experience in the field. After seeing Candid's talk “The Rise of AI-Driven Malware: Threats, Myths, and Defenses” at BlackHat Europe, Robby invited him to share his research and perspectives on the current state of AI-driven malware.

They talk about the most common misunderstandings around AI-powered, AI-generated and AI-supported threats, as well as which types of LLM-related attacks Candid expects to make the news, and actually be effective, in 2026.

Candid also shares his thoughts on how defenders’ roles are evolving, where he has seen organisations successfully implement AI in defense, and why going back to basics still matters. They also explore some of the biggest topics from Black Hat Europe in December, including AI-enabled SOCs.

Send us a text

What is the future of MDR?

In this episode of the mnemonic security podcast, Robby is joined by Migjen Hakaj from mnemonic's Innovation & Emerging Technologies Department and Amine Besson, Director at Behemoth Security.

They've joined forces by collecting their shared extensive experience with security monitoring, and published a popular three-part blog series on what Managed Detection and Response (MDR) really is on a deep level, where they examine the past, present, and future challenges within the field.

In their conversation they talk about the evolution of the SOC space, what main forms of security operations they are seeing today, and why they believe the SOC needs to change.

They also explain why it's hard to define what MDR really is today, the main value proposition of MDR providers, and what the next big differentiators for MDR providers will be. As well as in what ways they've seen that the industry has matured over the last few years, where the industry needs radical change, and where AI SOC has a place and where its main challenges lie.

Interested in more? Visit their blog series:

The Present and Future of Managed Detection and Response: https://detect.fyi/the-present-and-future-of-managed-detection-and-response-01a72088e6f6

The missing link in MDR. Spoiler, it starts with a Detection Engineering framework: https://detect.fyi/the-missing-link-in-mdr-spoiler-it-starts-with-a-detection-engineering-framework-5f836347c92f

Beyond Detections : Scaling Analysis & Response to keep MDR relevant: https://detect.fyi/beyond-detections-scaling-analysis-response-to-keep-mdr-relevant-592285d0fd25

Send us a text

In this short and sweet episode on agentic browsers, we’re joined by Helen Kearney, a leader in helping humanitarian and non-profit organisations use technology strategically, responsibly, and with real impact.

Robby and Helen discuss the challenges and opportunities posed by these new browsers, where their "agentic" abilities create new risks, raise questions about ethical AI use, and heighten concerns around safeguarding sensitive data.

Helen also shares the conversations she’s having across the humanitarian sector as AI tools go mainstream - what’s inspiring, what’s misunderstood, and the developments she believes deserve far more attention.

Send us a text

Start your week with a laugh. And yes, it’s work-relevant.

Today’s guests, John Fokker, Head of Threat Intelligence, and Jambul Tologonov, Security Researcher at Trellix, have spent years monitoring the dark web and have quite a few stories to tell.

They are joining Robby to talk about their concept "Dark Web Roast", a satirical look at cyber criminals and their world of crime, aiming to show that at the end of the day, these threat actors are just human beings, messing up just like anyone else.

In the episode, they take us behind the scenes of the dark web: exposing failures among cybercriminals, uncovering ransomware-group drama, and revealing the vanity and rivalries fueling it all.

Send us a text

In this episode of the mnemonic security podcast, we take a closer look at a tension that remains invisible to most of us, yet is very real: the quiet conflict unfolding within our critical infrastructure.

This topic gave us the perfect excuse to once again invite one of our favorite guests, for the fourth time, Joe Slowik. Joe brings over 15 years of experience in cyber threat intelligence (CTI), detection engineering, and incident response, with expertise in industrial control systems (ICS), operational technology (OT), and critical infrastructure environments. He currently serves as Director of Cybersecurity Alerting Strategy at Dataminr.

In his conversation with Robby, Joe explores the threats posed by Volt Typhoon, a state-sponsored Chinese cyber operation known for targeting critical infrastructure, primarily in the United States. They discuss the origins and activities of the group, recent operations, and Joe also shares his research into what this group has the potential to achieve based on their current operations and proven capabilities.

The discussion also covers Joe’s broader research into China’s cyber eco-system and how it has evolved, including the country’s extensive network of research institutions, companies, and lesser known contractors. Joe also shares his observations about current trends in the OT industry, insights into his upcoming areas of research within OT, and his perspective on where the field is heading.

Send us a text

In this episode, Robby welcomes Dan Cleary, Co-founder and CEO of PromptHub, an organisation focused on enhancing LLM-based applications. He’s also one of the organisers behind the Prompt Engineering Conference, the world’s first event exclusively dedicated to prompt engineering, taking place in London on October 16th.

They discuss prompt engineering and management, what to expect from the upcoming conference, and what this emerging field means for enterprise AI and security.

Cleary also shares why centralised prompt management matters, how AI’s role in enterprise adoption is evolving, and what security professionals should explore to stay ahead.

Send us a text

Everyone’s talking about Agentic AI, but beyond the buzz, what’s actually happening on the ground? The mnemonic security podcast is continuing to dive into the world of Agentic AI in our latest episode, recorded live at Sikkerhetsfestivalen.

For this episode, Robby is joined by fellow podcaster (CloudFirst Podcast and KI til Kaffen) Marius Sandbu. They look at real-world implementations of agent-based systems, particularly what’s been done in Norway. And try to answer the question: are we ahead, behind, or just cautious?

They also discuss lessons learned from local projects, the current state of the global ecosystem, and what it really takes to make Agentic AI useful; diving into integration concepts like MCP and RAG, and how they’re being applied in practice.

Send us a text

Brian Singer, a PhD candidate at Carnegie Mellon University, joins Robby to talk about his research on creating autonomous attackers and defenders for networks. In their conversation, they discuss how Brian and his team made a system that uses LLMs to autonomously attack networks.

Singer and his team recently got a lot of attention after using this system to successfully recreate the Equifax cyber-attack from 2017, one of the largest data breaches in U.S. history, in a virtualised cloud environment. In turn, showing how LLMs can be taught to plan and execute sophisticated cyberattacks without a human involved.

They also talk about how LLMs are unlocking new capabilities for defenders, where he is seeing a lot of opportunity, and how he thinks security will be developing the next three to five years. 

Send us a text

Trust is one of the most powerful and dangerous currencies that we have. Whether it's a phishing email, a romance scam or a human trafficking operation, the criminals behind it exploit some of the same dynamics; mainly that trust can be earned by playing to our emotions.

This is particularity true when it comes to this episode’s topic; the global crime of "pig butchering". The scam involves luring victims into fake romantic relationships, convincing them to invest in cryptocurrency schemes, and then stealing their money through fake investment platforms. It’s worth to add that the term is a violent term for a violent crime, and that financial grooming might be more fitting description.

This week’s guest, Erin West, spent 26 years as a district attorney, and the last few years she’s been exclusively working on these kinds of scams. She’s been featured in the Wall Street Journal about her work, testified before Congress and started her own non-profit (Operation Shamrock) focusing on educating about and disrupting transnational organised crime.

Erin explains how Chinese organised crime uses high-tech methods, including cryptocurrency, to defraud victims of their life savings, the link to human trafficking, and the surprising scale of it all.

Send us a text

This episode, we’re joined by Ford Merrill, Senior Director of Research and Innovation at SEC Alliance, to discuss the evolution and sophistication of Phishing as a Service (PhaaS).

Merrill shares from his 11 years of experience working on security research in primarily the areas of phishing and DDoS botnets. In the episode, he talks about the shift from Russian to Chinese-speaking operators, who the developers of advanced kits like Darcula and Lighthouse are, and who actually uses them to impersonate brands for financial gain.

Merrill also outlines a complex ecosystem with supporting technologies and roles involving spammers, data brokers, and money launderers. He also shares what thinks needs to be done to respond this problem, and where he sees rays of hope already.

Related resources:

If you haven’t listened to our series on Darcula, a phishing-as-a-service operation targeting victims globally, check out episode 137 and 138 to hear Robby’s interview with mnemonic's security researchers Erlend Leiknes and Harrison Sand about the findings from their technical investigation into the phishing kit platform Magic Cat. And hear how this story progressed as Robby interviews investigative journalist Martin Gundersen from the Norwegian media agency NRK.

Send us a text