Identity, AI Agents, and the Session Token Time Bomb | Carey Frey (CSO, TELUS) on Cybersecurity Today

In this Cybersecurity Today weekend edition, David Shipley interviews Carey Frey, Chief Security Officer at TELUS, about the evolution of identity security and why it's a growing risk in the age of generative and agentic AI. Frey recounts his career from Canada's Communications Security Establishment to leading TELUS's internal security and managed cybersecurity services, then explains how convenience-driven identity decisions led from PKI's unrealized promise to passwords, bearer/session tokens, and today's widespread session cookie theft. He describes lessons from TELUS's deployment of FIDO2 phishing-resistant tokens, the dangers of long-lived SSO tokens across SaaS ecosystems, and how agentic "auto-browse" could amplify harm via the "lethal trifecta" and ephemeral agents with poor auditability. Frey highlights the Syne/SignNet CISO Identity Handbook and calls for stronger cryptographic roots of trust, proof-based tokens, re-authentication across trust domains, and fine-grained delegation guardrails.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor Message
00:24 Weekend Edition Intro
00:32 Meet Carey Frey
02:07 Carey's Cyber Origin Story
03:47 Telus Security Two Hats
06:22 Identity's Broken Legacy
08:43 Why PKI Didn't Win
11:25 Passkeys Missed Moment
14:10 SSO Tokens Surprise
19:50 Session Theft Reality
23:18 Agentic AI Stakes
24:17 Building Identity Playbook
25:24 Identity Maturity Model
25:49 Fixing OAuth and SAML
27:00 Industry Call to Action
27:37 Where to Find the Handbook
28:06 Not a Vendor Pitch
30:13 Agentic AI Identity Gaps
31:30 Auto Browse Threat Scenario
33:12 Lethal Trifecta Explained
34:31 Ephemeral Agents and Forensics
37:08 Supply Chain Agent Malware
38:20 Crypto Roots of Trust
39:35 Proof Tokens and Reauth
40:17 Delegation Guardrails
42:34 Regulation or Market Forces
44:25 Practical Risk Decisions
46:20 Wrap Up and Next Resources
48:00 Sponsor and Closing Credits

Cisco SD-WAN Bug Actively Exploited, MCP Azure Takeover Demo, CarGurus Data Leak, and Secret Service Scam Recovery

Host Jim Love covers four cybersecurity stories: CSA warns a critical Cisco Catalyst SD-WAN controller vulnerability (CVE-2026-20127) has been exploited since 2023, enabling authentication bypass and rogue peering sessions, and orders U.S. federal agencies to inventory systems, collect logs and forensic artifacts, hunt for compromise, and apply Cisco's fixes by 5:00 PM ET on February 27, 2026, with no workarounds. At RSA, researchers show how flaws in Model Context Protocol (MCP)—a key integration layer for agentic AI—could lead to remote code execution and even Azure tenant takeover, highlighting rising enterprise risk. ShinyHunters reportedly published 12.4 million stolen CarGurus records, raising phishing and fraud concerns tied to vehicle shopping and financing context. Finally, an Ontario tech support scam victim recovers funds through coordinated work by Ontario Provincial Police and the U.S. Secret Service, which traced and froze the money in time.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

LINKS
Cisco Advisory
Cisco Security Advisory – CVE-2026-20127
Authentication bypass vulnerability in Cisco Catalyst SD-WAN
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk

CISA Supplemental Hunt and Hardening Guidance (Cisco SD-WAN Systems)
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems

Threat Hunt Guide (Technical PDF)
Cisco SD-WAN Threat Hunt Guide (jointly referenced in federal guidance)
https://media.defense.gov/2026/Feb/25/2003880299/-1/-1/0/CISCO_SD-WAN_THREAT_HUNT_GUIDE.PDF

00:00 Sponsor Message
00:19 Cisco SD-WAN Under Attack
02:48 MCP Azure Takeover Demo
05:28 CarGurus Data Dump
07:16 Secret Service Scam Recovery
09:24 Closing Sponsor Thanks

Discord Drops Persona Age Verification, SolarWinds Serv-U Critical RCEs, Splunk Windows Priv Esc, and Smart TV Screenshot Surveillance Lawsuits

In this episode of Cybersecurity Today, host Jim Love covers Discord ending its age-verification experiment with Persona after user backlash and researcher findings that Persona's front-end code suggested up to 269 verification checks, including watch list screening and risk scoring, amid already-thin trust following an earlier breach that exposed government ID images. The show also highlights SolarWinds Serv-U 15.5.0.4 patches for four critical (CVSS 9.1) remote code execution vulnerabilities (CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541), noting they require high privileges and that self-hosted Windows/Linux instances must be upgraded, with estimates ranging from under 1,200 to over 12,000 internet-exposed servers. Splunk discloses a high-severity Windows privilege escalation flaw (CVE-2025-2386, CVSS 8.0) caused by incorrect install-directory permissions in versions before 10.0.0.2, 9.4.0.6, 9.3.0.8, and 9.2.10, enabling local users to potentially escalate privileges and tamper with logging. Finally, Texas Attorney General Ken Paxton sues Samsung, Sony, LG, Hisense, and TCL, alleging smart TVs use automated content recognition to capture screen content—potentially up to twice per second—and transmit it without meaningful consent, with implications for both home viewing and confidential business use; the episode emphasizes reviewing and disabling ACR settings and accounting for network-connected screens in security models.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor Message Meter
00:20 Discord Age Verification Backlash
01:37 Persona Code Raises Alarms
03:08 SolarWinds Serv-U Critical RCEs
04:51 Splunk Windows Priv Esc
06:18 Smart TV Screenshot Surveillance
08:35 Wrap Up and Sponsor Thanks

AI-Accelerated FortiGate Breaches, Amazon Kiro Prod Disruption, Claude Code Security, Salt Typhoon Warning, and Youth Radicalization Risks

Episode of Cybersecurity Today (hosted by David Shipley) covering: a Russian-speaking hacker using AI-written automation tools to breach 600+ Fortinet FortiGate firewalls across 55 countries by exploiting weak passwords and exposed management interfaces without MFA, with advice to lock down edge management access, enforce MFA, and strengthen password policies; an Amazon Kiro AI coding tool incident tied to a misconfigured role that allegedly deleted and recreated a production environment, causing a 13-hour disruption to AWS Cost Explorer services in one of two mainland China regions, prompting warnings about giving AI agents access to production and the need for guardrails and review processes; Anthropic's Claude Code Security launch, an AI-driven code vulnerability analysis feature that maps code interactions and data flows, provides severity and confidence scoring, keeps humans in the loop, and sparked stock drops for CrowdStrike and Cloudflare while noting limits for legacy code; an FBI warning that China-linked Salt Typhoon remains a serious threat in 80+ countries by exploiting basic weaknesses like unpatched systems, old code, reused passwords, and phishing, alongside concern over the FCC loosening US telecom cybersecurity requirements and calls for stronger critical infrastructure regulation and secure-by-default equipment; and a Canada-focused segment on youth online radicalization including a second RCMP terrorism peace bond in New Brunswick linked to the 764 extremist network (designated a terrorist organization in December 2025), plus reporting that the Tumbr Ridge, BC school shooting suspect had a ChatGPT account suspended in June 2025 and that OpenAI employees allegedly sought to notify authorities but were rebuffed, drawing condemnation from BC Premier David Eby and federal AI minister Evan Solomon and renewed calls for stronger cooperation, accountability, and intervention frameworks.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:48 AI-Automated Hacking: 600+ FortiGate Firewalls Breached
02:25 How to Defend: Lock Down Edge Management, MFA, Strong Passwords
03:28 Amazon's Kiro AI Coding Tool Incident: 'Deleted Prod' and Lessons Learned
06:44 Claude Code Security: AI-Powered AppSec for Developers (and the Hype)
10:20 FBI Warning: Salt Typhoon Still Hitting Telecoms Worldwide
13:32 Youth Radicalization & AI Safety Failures: 764 Network and Tumblr Ridge Aftermath
18:12 Wrap-Up + Sponsor Message: Meter Demo Info

Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Security, who argues AI agents are fundamentally hard to secure because they are non-deterministic, have infinite input/output space, and often require broad permissions to be useful.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

Shlomo proposes focusing security on access, identity, attribution, least privilege, and auditability rather than trying to filter prompts and outputs, and describes Token's "intent-based permission management" approach that maps agents and sub-agents as non-human identities tied to their purpose and allowed actions. The conversation covers real-world risks such as developer tools like Claude Code running with extensive access, widespread over-provisioning of admin permissions and API keys, exposure of unencrypted local token files, and misconfigurations that leak data publicly. Shlomo recommends organizations build governance processes for agents—discovery/inventory, boundary setting, continuous monitoring, and secure decommissioning—and says AI is needed to help police AI. He also highlights emerging trends like agent teams and multi-day autonomous tasks, and notes Token Security is a top-10 finalist in the RSA Innovation Sandbox 2026, planning to present an intent-and-access-focused security model for AI agents.

00:00 Sponsor: Meter's integrated networking stack
00:19 Why agentic AI security is breaking (MCP & open-source chaos)
02:53 Meet Token Security: practical guardrails for AI agents
04:57 Why you can't just ban agents at work (shadow AI reality)
06:24 Tel Aviv's cybersecurity pipeline: gaming, military, and startups
08:57 Why AI/agents are fundamentally hard to secure (new OS + 'human spirit')
13:44 Trust, autonomy, and permissions: managing the blast radius
18:17 Real-world exposure: Claude Code and the developer identity attack surface
20:16 A workable approach: treat agents as untrusted processes with identity + least privilege
22:33 Zero Trust for Agents: Access ≠ Permission to Act
23:27 Token's "Intent-Based Permission Management" Explained
25:29 Building the Identity Map: Tracing What Agents Touch
26:52 The Secret Sauce: Using AI to Secure AI in Real Time
28:10 Real-World Case: 1,500 Agents and Wildly Over-Provisioned Access
30:57 CUA 'Computer-Use' Agents: Exciting, Personal… and Terrifying
34:44 Secure-by-Default & Sandboxing: Fixing 'Always Allow' Dark Patterns
35:36 What Security Teams Should Do Now: Inventory, Boundaries, Governance
37:59 What's Next: Agent Teams and Multi-Day Autonomous Work
40:10 Tony Stark Vision: Agents That Improve the Human Experience
41:02 RSA Innovation Sandbox: Token's Big Bet on Intent + Access
43:01 Wrap-Up, Audience Q&A, and Sponsor Message

CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations

Host Jim Love covers four cybersecurity stories:

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

CISA ordered federal civilian agencies to patch an actively exploited critical Dell RecoverPoint for Virtual Machines vulnerability (CVE-2026-2769) within three days, citing hard-coded credentials that allow unauthenticated root access and links to a China-aligned threat cluster; Texas Attorney General filed suit against TP-Link alleging deceptive security and origin claims and risks tied to Chinese state-linked threats, while TP-Link denies the allegations and says it operates independently, stores U.S. user data on AWS, and bases core operations in the U.S.; researchers found an unsecured MongoDB database tied to AI-powered identity verification provider ID Merit exposing nearly 1 billion records with sensitive personal data, attributed to misconfiguration rather than compromise of the AI systems; and a MarketWatch report describes whistleblower Chuck Borges alleging SSA master data was copied to a cloud environment without oversight, contrasted by the Social Security Commissioner stating the core Numident database remained secure, with Love noting no confirmed public evidence but expressing concern about the implications if such foundational data were compromised.

00:00 Sponsor Message: Meter's Full-Stack Networking
00:19 Headlines: Dell Exploit, TP-Link Lawsuit, Massive Data Leak, SSA Claims
00:45 Urgent Patch Order: Actively Exploited Dell RecoverPoint CVE
02:19 Texas Sues TP-Link Over Router Security & China-Ties Allegations
03:31 AI Identity Verification Leak: Nearly 1 Billion Records Exposed
05:07 Did SSA Data Leak? Whistleblower vs. Official Denial
06:54 Host Take: What If the "Foundational" Database Was Compromised?
07:37 Wrap-Up + Sponsor Thanks and Where to Book a Demo

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier

The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a "mirror" of a user's life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer DJI Romo communications unintentionally accessed roughly 7,000 robot vacuums in 24 countries, enabling live camera and microphone access and floor-plan generation due to missing messaging-level access controls; DJI also shares infrastructure with portable home battery stations and initially claimed the flaw was fixed before a live demonstration showed it was not. Two Best Buy cases illustrate that Zero Trust must consider behavior and context: a Florida employee allegedly used a manager override code 149 times from March–December 2024 to buy discounted electronics, costing about $120,000, while a Georgia case involved over $40,000 in merchandise leaving a store over two weeks amid claims of blackmail. Finally, ShinyHunters leaked about 600,000 Canada Goose customer records, but Canada Goose found no breach in its systems; the data was attributed to a third-party payment processor breach from August 2025, with records largely dating from 2021–2023, underscoring supply-chain risk and ongoing fraud/phishing potential. The episode is sponsored by Meter, which provides an integrated wired, wireless, and cellular networking stack for enterprises.

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:44 Info-Stealer Jackpot: OpenClaw Tokens, Keys & 'soul.md' Exposed
03:17 DIY App, Real-World Disaster: 7,000 Robot Vacuums Exposed via DJI Servers
05:34 Best Buy Insider Fraud: Why Zero Trust Needs Behavior Monitoring
07:36 Canada Goose Leak: When a Third-Party Payment Processor Gets Breached
09:28 Wrap-Up + Sponsor Message (Meter)

This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while on-prem deployments require urgent manual updates and may already be compromised. Microsoft details an evolution of the ClickFix social engineering technique where victims are tricked into running NSLookup commands that use attacker-controlled DNS responses as a malware staging channel, leading to payload delivery (including a Python-based RAT) and persistence via startup shortcuts, alongside increased Lumma Stealer activity.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

Researchers also report Mac-focused campaigns abusing AI-generated content and malicious search ads to push copy-paste terminal commands that install an info stealer (MaxSync) targeting Keychain, browsers, and crypto wallets. T

The show describes fake recruiter campaigns targeting developers with coding tests containing malicious dependencies on repositories like NPM and PyPI, linked to the "Gala" operation and nearly 200 packages. Finally, it reviews NPM's authentication overhaul after a supply-chain worm incident—revoking classic long-lived tokens, moving to short-lived session credentials, encouraging MFA and OIDC trusted publishing—while noting remaining risks such as MFA phishing, non-mandatory MFA for unpublish, and the continued ability to create long-lived tokens.

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:48 Urgent Patch: BeyondTrust Remote Access RCE (CVE-2026-1731) Actively Exploited
02:45 ClickFix Evolves: DNS Lookups (nslookup) Used as Malware Staging
04:34 Mac Malware via AI Search Results: Fake Terminal Commands Deliver Info-Stealer
06:08 Fake Recruiters, Real Malware: Coding Tests Poison Dev Environments
07:19 NPM Security Overhaul After Supply-Chain Worm—What's Better, What Still Risks
09:11 Wrap-Up, Thanks, and Sponsor Message