AI News | Episode 39
AI News | Episode 39
In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure.
We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now.
Chapters:
00:00 – Introduction and Sponsors
Black Hills Information Security - https://www.blackhillsinfosec.com/
Antisyphon Training - https://www.antisyphontraining.com/
01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)
Discussion begins as the hosts introduce the first story.
How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.
👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)
Conversation shifts to agent privilege management and governance failures.
👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html
10:07 – NIST Focus on Securing AI Agents in Critical Infrastructure
Discussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.
👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c
13:44 – Tenable One AI Exposure
Breaking down Tenable’s push into enterprise AI usage visibility and exposure management.
👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scale
Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security.
https://discord.gg/bhis
Chapters
Click here to watch this episode on YouTube.
----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
Brought to you by:
In this episode of AI Security Ops, we break down the latest developments in AI-driven threats, identity chaos caused by autonomous agents, NIST’s focus on securing AI in critical infrastructure, and new visibility tooling for AI exposure.
We cover real-world abuse of LLMs for phishing, how AI agents are colliding with IAM governance, and what defenders should be watching right now.
Chapters:
00:00 – Introduction and Sponsors
Black Hills Information Security - https://www.blackhillsinfosec.com/
Antisyphon Training - https://www.antisyphontraining.com/
01:08 – LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)
Discussion begins as the hosts introduce the first story.
How LLMs are generating polymorphic malicious JavaScript for phishing pages and evading traditional detection.
👉 https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
08:49 – AI Agents vs IAM: “Who Approved This Agent?” (Hacker News)
Conversation shifts to agent privilege management and governance failures.
👉 https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html
10:07 – NIST Focus on Securing AI Agents in Critical Infrastructure
Discussion on federal guidance and why AI agents are being treated as critical infrastructure risk components.
👉 https://www.linkedin.com/pulse/cybersecurity-institute-news-roundup-20-january-2026-entrust-alz7c
13:44 – Tenable One AI Exposure
Breaking down Tenable’s push into enterprise AI usage visibility and exposure management.
👉 https://www.tenable.com/blog/tenable-one-ai-exposure-secure-ai-usage-at-scale
Join the 5,000+ cybersecurity professionals on our BHIS Discord server to ask questions and share your knowledge about AI Security.
https://discord.gg/bhis
Chapters
- (00:00) - Introduction and Sponsors
- (01:08) - LLM-Generated Phishing JavaScript (Unit 42 / Palo Alto)
- (10:07) - NIST Focus on Securing AI Agents in Critical Infrastructure
- (13:44) - Tenable One AI Exposure
Click here to watch this episode on YouTube.
----------------------------------------------------------------------------------------------
About Joff Thyer - https://www.blackhillsinfosec.com/team/joff-thyer/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
Brought to you by:
Black Hills Information Security
Antisyphon Training
Active Countermeasures
Wild West Hackin Fest
Creators and Guests
Host
Brian Fehrman
Brian Fehrman is a long-time BHIS Security Researcher and Consultant with extensive academic credentials and industry certifications who specializes in AI, hardware hacking, and red teaming, and outside of work is an avid Brazilian Jiu-Jitsu practitioner, big-game hunter, and home-improvement enthusiast.
Host
Bronwen Aker
Bronwen Aker is a BHIS Technical Editor who joined full-time in 2022 after years of contract work, bringing decades of web development and technical training experience to her roles in editing pentest reports, enhancing QA/QC processes, and improving public websites, and who enjoys sci-fi/fantasy, Animal Crossing, and dogs outside of work.