Episodes

  • Ghost in the Machine: AI Identities & the Spiritual Red Teaming
    Apr 20 2026

    Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance.

    🔍 Key Topics Covered:

    • How low-code platforms let non-technical users spawn unvetted AI agents — and why that's a goldmine for attackers
    • Ghost identities: what happens when AI agents run on untracked, over-privileged system identities
    • The AWS sandbox DNS exfiltration proof-of-concept from BSides (BeyondTrust research)
    • Why siloed AWS, Azure, and Okta teams create hidden privilege escalation paths
    • "AI vs. AI" — the emerging defender model where autonomous systems monitor each other
    • Browser extension cross-contamination and prompt injection risk for enterprise Claude deployments
    • The three conditions that make any AI agent dangerous: private data access + untrusted instructions + tool execution
    • Madhav's framework: inventory → least privilege → visibility — the basics that still matter most

    Bonus: Madhav shares how "spiritually red-teaming yourself" — facing fear, breaking false narratives, and building trust — maps directly to how security professionals should approach zero trust and identity management. Plus: Joshua, Eric, and Nick on conquering stage fright and what that has to do with cybersecurity culture.

    Don't wait for a ghost identity to become a ghost incident. Subscribe for weekly cybersecurity insights from practitioners, researchers, and the people defending the frontlines.

    #GhostIdentities, #AIAgentSecurity, #NonHumanIdentity, #ZeroTrust, #TheAuditPodcast

    41 min
  • Cyber News: Iran Attacks, Greyware, and Backdoor Code
    Apr 6 2026

    What if the tools protecting your organization were the ones compromising it? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem — joined by IT Audit Labs team member Samuel Cala live in the St. Paul studio — unpack a wave of cybersecurity stories that all converge on one unsettling theme: trust is being exploited at every layer of the stack.

    From an Iranian-linked APT group targeting U.S. healthcare infrastructure, to a sophisticated GitHub Actions supply chain attack that backdoored an AI coding library used by thousands of developers — the crew breaks down exactly how threat actors are weaponizing the tools, platforms, and third-party services organizations depend on daily.

    They also dive into a disturbing revelation about AI-powered audit certifications: one company allegedly fabricated compliance evidence to hand out ISO 27001 and SOC 2 certifications at a fraction of the cost — raising serious questions about what those credentials are actually worth.

    In this episode:

    • 🇮🇷 Iran's escalation from cyber espionage to active disruption — what signals to watch for
    • 🔗 The GitHub Actions / LiteLLM supply chain attack explained step by step
    • 🧾 How an AI certification firm allegedly faked audit evidence — and what it means for your vendor trust
    • 📡 FCC bans on foreign-made routers and the gray market hardware problem hiding in plain sight
    • 🤖 OpenAI kills Sora — what it signals about where AI is actually headed

    Whether you're a CISO trying to defend against nation-state threats or a developer trusting open-source libraries, this episode delivers the context — and the hard questions — you need to stay ahead.

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers critical insights to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #supplychainattack #infosec #threatintelligence #ISO27001 #SOC2 #githubsecurity #irancyberattack #aicybersecurity #itauditlabs

    34 min
  • Cognitive Surrender: How AI Weaponizes Human Psychology
    Mar 23 2026

    A $25 million wire transfer. A fake CFO. An entire executive team that didn't exist. This is what modern cybercrime looks like — and your firewall won't stop it.

    In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with James McDowell — forensic psychology expert, cybercrime researcher, and adjunct professor at American Military University — to explore the chilling intersection of AI, human psychology, and cybercrime. James introduces the concept of "cognitive surrender": the slow, dangerous transfer of our thinking to AI tools, and how threat actors are exploiting it at scale.

    What You'll Learn:

    • What "cognitive surrender" is and why it's cybercrime's greatest accelerant
    • How a $25M deepfake scam bypassed every red flag a trained employee had
    • The psychology behind System 1 vs. System 2 thinking — and why attackers time their strikes around your lunch break
    • Why voice passwords and family code phrases are becoming critical security tools
    • How FraudGPT and dark-web AI models are lowering the barrier for cybercriminals
    • What James's wave theory reveals about how we trust — and how that trust gets exploited

    📖 Guest: James McDowell Forensic psychologist, cybercrime researcher, and author of Forensic Psychology and the Human Side of Cybercrime. James teaches at American Military University and leads research at [Research Institute] focused on the psychology of cyber offenders and victims.

    📚 Book available on Amazon and Routledge. Search: Forensic Psychology and the Human Side of Cybercrime

    Don't wait until your organization is the next headline. IT leaders need to stay ahead of evolving threats, and this episode delivers the psychological intelligence to help protect your business. Like, share, and subscribe for more in-depth security discussions!

    #cybersecurity #cybercrime #socialengineering #deepfake #AIthreats #infosec #phishing #cyberpsychology #ethicalhacking #CISO

    43 min
  • Surviving a Cardiac Event: Biometric Data and the Risks Nobody Talks About
    Mar 9 2026

    What if the device keeping you alive was also a cybersecurity vulnerability? That's not a hypothetical — it's Victor Barge's reality.

    In this episode of The Audit, IT Audit Labs' Global Delivery Director Victor Barge shares the story of his sudden cardiac event, the life-saving defibrillator now implanted in his chest, and the eye-opening security questions that followed. Co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem connect Victor's story to the real-world cyber risks organizations ignore every single day.

    What you'll learn in this episode:

    • How modern pacemakers and defibrillators transmit biometric data 24/7 — and what happens if that data is compromised
    • Why the 2017 Abbott pacemaker recall of 500,000 devices is a warning the industry hasn't fully heeded
    • The parallel between reactive healthcare and reactive cybersecurity — and why waiting costs you more
    • Why billion-dollar organizations are still storing passwords in spreadsheets in 2026
    • What continuous monitoring in IT security can learn from real-time cardiac telemetry

    Whether you're a CISO, IT auditor, or just someone wearing a smartwatch, this episode will make you rethink what "sensitive data" really means.

    37 min
  • Secret Service Agent Reveals Undercover Cyber Ops
    Feb 23 2026

    What does it take to go undercover with international cybercriminals — with no backup, no safe house, and no script? In this episode of The Audit, Richard LaTulip, Field CISO at Recorded Future and former U.S. Secret Service agent, pulls back the curtain on three years of undercover operations spanning Thailand, Dubai, Macau, and China. From buying stolen credit card data in bulk to handing cheap government-issued laptops to disappointed hackers, Richard shares the raw, unfiltered reality Hollywood never shows you.

    Co-hosts Joshua J Schmidt, Eric Brown, Nick Mellem, and Jen Lotze dig into the psychology of social engineering, the stark differences between nation-state and financially motivated threat actors, and why your employees are simultaneously your greatest asset and your biggest vulnerability. Richard breaks down how SolarWinds revealed the patience of nation-state operations, why cultural awareness is a cybersecurity weapon, and how organizations can shift security from a cost center to a value driver.

    🔑 Key Topics Covered:

    • Undercover operations against international cybercriminal networks — the reality vs. the Hollywood version
    • Nation-state vs. financially motivated threat actors — how their goals fundamentally change defense strategy
    • The ClickFix campaign and social engineering attacks targeting human psychology
    • How Recorded Future delivers actionable, tailored threat intelligence vs. generic feeds
    • Why tabletop exercises need HR, communications, and every department at the table
    • Cultural dimensions of cybersecurity — from Eastern European honeytraps near nuclear sites to password reuse psychology
    • Turning your security team from a "cost center" into a trusted business ally
    • Operation Carter Chaos — Richard's new book chronicling the untold human side of undercover cyber operations

    📖 Richard's book Operation Carder Kaos is available now on Amazon.

    🔔 Like, share, and subscribe for more in-depth cybersecurity conversations. Don't forget to leave a review — it helps us reach more security professionals like you.

    44 min
  • Cyber News: Advanced Phishing, ClickFix & AI Wearables
    Feb 9 2026

    Microsoft dominates 22% of all phishing attacks, an $800 tool tricks 60% of victims into self-hacking, and Apple's planning a surveillance pin that records everything—welcome to 2025's cybersecurity nightmare. In this episode of The Audit, co-hosts Joshua J Schmidt, Eric Brown, and Nick Mellem are joined by Jen Lotze from IT Audit Labs to dissect three headlines that prove the threat landscape isn't just evolving—it's accelerating. From brand impersonation scams that exploit your brain's pattern recognition to ClickFix malware that bypasses antivirus by weaponizing copy-paste commands, this conversation reveals how attackers are shifting from breaking through defenses to manipulating humans into opening the door themselves.

    What You'll Learn:

    • Why trusted brands like Microsoft, Amazon, and DHL are irresistible phishing targets, especially during high-traffic seasons when vigilance naturally drops
    • How ClickFix attacks exploit legitimate-looking broken websites to trick users into installing malware through their own command prompts—achieving 60% success rates that evade traditional security
    • Real-world consequences of sophisticated social engineering, including a $116,000 wire fraud loss that proves even tech-savvy professionals aren't immune
    • The privacy and consent implications of Apple's rumored 2027 AI wearable with dual cameras and always-on environmental recording
    • Whether constant surveillance is becoming the unavoidable price of technological convenience—and what that means for building security cultures in organizations today

    From training employees to recognize copy-paste scams to navigating the ethics of ambient recording devices, this episode delivers frontline intelligence for security professionals and practical awareness for anyone trying to stay safe online.

    #phishing #clickfix #cybersecurity #socialengineering #applewearable #privacy #malware #infosec #brandimpersonation

    33 min
  • Field Notes: New Year Catch-Up, Coffee, And Team DNA
    Jan 26 2026

    In this episode of The Audit, co-hosts Eric Brown and Nick Mellem dive deep into organizational psychology and team dynamics with a refreshingly honest look at how IT Audit Labs is using assessments like CliftonStrengths, Kolbe, and PRINT to decode their team. This isn't fluffy HR talk—it's strategic workforce optimization that directly impacts how security teams respond to threats, collaborate under pressure, and execute on complex projects.

    Eric and Nick discuss why understanding your team's natural strengths, motivators, and triggers is just as critical as deploying the right tech stack. From reducing meeting bloat to being more intentional with time and resources, they share real-world lessons on building a culture where people operate in their zone of genius. Plus, they tackle the "what tool would you deploy first" scenario—spoiler: it's not what you think.

    🔑 KEY TOPICS COVERED:

    • Why organizational assessments (CliftonStrengths, Kolbe, PRINT) matter for security teams
    • How to be more intentional with meetings, time, and team collaboration
    • First tools to deploy in a new security environment (MFA, YubiKeys, Veronus)
    • The shift from reactive security to proactive team alignment
    • Using AI tools like Gemini to streamline communication and decision-making

    #CliftonStrengths #Cybersecurity #TeamBuilding #ITLeadership #SecurityCulture #CISOLife #InfoSec #OrganizationalPsychology

    27 min
  • AI Architecture: Stop Button Pushing, Start Building
    Jan 12 2026

    What if the difference between AI mediocrity and breakthrough isn't the tool—it's how you architect your approach? Carter Jensen from The Uncommon Business joins the crew to reveal why most people are stuck "button pushing" while others are unlocking 3X productivity gains. This isn't theory; it's the frontline reality of businesses transforming workflows with the right AI architecture.

    If you're tired of surface-level AI hype and ready for actionable intelligence on integrating AI into security, compliance, and everyday business operations, this episode delivers. Whether you're Blockbuster or Netflix is up to you.

    🎯 What You'll Learn:

    • AI Architecture vs. Button Pushing – The mindset shift that unlocks 3-4X productivity gains instead of mediocre results
    • Real Cybersecurity Wins – How IT teams use AI to speed through compliance audits (PCI, CJIS, HIPAA) and tackle complex security workflows
    • Enterprise Implementation Truth – Why expensive AI tools fail without strategy, and what actually works for business adoption
    • The AI Bubble Debate – Is this hype or the biggest business transformation since the internet? Carter brings receipts from the frontlines

    Don't let your team fall behind while competitors architect their way to 4X output. This episode arms IT leaders, CISOs, and security professionals with the mindset shift needed to deploy AI that actually moves the needle. Like, share, and subscribe for more cutting-edge cybersecurity and AI implementation strategies!

    #ArtificialIntelligence #Cybersecurity #AIforBusiness #ITaudit #ComplianceAutomation

    41 min