<p>Jeff and Jim welcome Joseph Carson, cybersecurity expert and host of the Security by Default podcast, for a conversation on AI in offensive and defensive security. Joseph shares the real-world incident that inspired his EIC keynote - watching two AI agents negotiate a ransomware payment live. He breaks down how attackers use unconstrained models to lower the skill barrier and accelerate data exfiltration. The conversation covers NATO Lock Shields, the world&#39;s largest live cyber defense exercise, identity as national critical infrastructure, and the EU AI Act&#39;s risk-based approach. Also: Estonia&#39;s AI tax agents, the energy cost of being polite to AI, and the Tamagotchi theory of human-AI relationships.</p><p><br></p><p>Connect with Joseph: https://www.linkedin.com/in/josephcarson</p><p><br></p><p>NATO Locked Shields: https://ccdcoe.org/exercises/locked-shields/</p><p><br></p><p>Security by Default podcast (Spotify): https://open.spotify.com/show/0mzN5M5CkFVLn8fq5TnH0O</p><p><br></p><p><br></p><p><br></p><p>Connect with us on LinkedIn:</p><p><br></p><p>Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/</p><p><br></p><p>Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/</p><p><br></p><p>Visit the show on the web at http://idacpodcast.com</p><p><br></p><p><br></p><p><br></p><p>TIMESTAMPS</p><p>00:00 Welcome and intro</p><p>03:02 Conference season and IDAC discount codes</p><p>04:19 Introducing Joseph Carson and Security by Default</p><p>10:18 Optimist or pessimist on identity security</p><p>12:30 AI vs. AI - origin of the concept</p><p>15:02 Watching two AI agents negotiate a ransomware payment</p><p>17:26 The Tamagotchi metaphor for human-AI relationships</p><p>19:07 Who is winning the AI cyber arms race</p><p>21:00 How AI accelerates attacker capabilities</p><p>23:09 Dark web LLMs and bypassing guardrails</p><p>26:36 The energy cost of being polite to AI</p><p>28:15 Agentic AI skills, campaigns, and the Matrix analogy</p><p>31:34 Estonia AI agents filing tax returns</p><p>35:14 Introducing NATO Lock Shields</p><p>37:00 Protecting a simulated nation from 8,500 cyber attacks</p><p>38:08 Why identity is national critical infrastructure</p><p>41:18 AI in Lock Shields before and after</p><p>43:05 Lock Shields 2025 scoring explained</p><p>47:04 The EU AI Act - is it the next GDPR</p><p>50:18 Risk-based approach to AI regulation</p><p>53:35 Closing thoughts and cautious optimism</p><p>54:21 Scuba diving vs. snowboarding</p><p>58:05 Wrap-up</p><p><br></p><p><br></p><p><br></p><p>KEYWORDS</p><p>AI vs AI, agentic AI, identity security, NATO Lock Shields, EU AI Act, Joseph Carson, Security by Default, ransomware, dark web LLMs, guardrails, data exfiltration, phishing, critical infrastructure, Estonia, cyber defense, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald</p><p><br></p>

Identity at the Center

Identity at the Center

#408 - AI vs AI with Joseph Carson

MAR 16, 202663 MIN
Identity at the Center

#408 - AI vs AI with Joseph Carson

MAR 16, 202663 MIN

Description

<p>Jeff and Jim welcome Joseph Carson, cybersecurity expert and host of the Security by Default podcast, for a conversation on AI in offensive and defensive security. Joseph shares the real-world incident that inspired his EIC keynote - watching two AI agents negotiate a ransomware payment live. He breaks down how attackers use unconstrained models to lower the skill barrier and accelerate data exfiltration. The conversation covers NATO Lock Shields, the world&#39;s largest live cyber defense exercise, identity as national critical infrastructure, and the EU AI Act&#39;s risk-based approach. Also: Estonia&#39;s AI tax agents, the energy cost of being polite to AI, and the Tamagotchi theory of human-AI relationships.</p><p><br></p><p>Connect with Joseph: https://www.linkedin.com/in/josephcarson</p><p><br></p><p>NATO Locked Shields: https://ccdcoe.org/exercises/locked-shields/</p><p><br></p><p>Security by Default podcast (Spotify): https://open.spotify.com/show/0mzN5M5CkFVLn8fq5TnH0O</p><p><br></p><p><br></p><p><br></p><p>Connect with us on LinkedIn:</p><p><br></p><p>Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/</p><p><br></p><p>Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/</p><p><br></p><p>Visit the show on the web at http://idacpodcast.com</p><p><br></p><p><br></p><p><br></p><p>TIMESTAMPS</p><p>00:00 Welcome and intro</p><p>03:02 Conference season and IDAC discount codes</p><p>04:19 Introducing Joseph Carson and Security by Default</p><p>10:18 Optimist or pessimist on identity security</p><p>12:30 AI vs. AI - origin of the concept</p><p>15:02 Watching two AI agents negotiate a ransomware payment</p><p>17:26 The Tamagotchi metaphor for human-AI relationships</p><p>19:07 Who is winning the AI cyber arms race</p><p>21:00 How AI accelerates attacker capabilities</p><p>23:09 Dark web LLMs and bypassing guardrails</p><p>26:36 The energy cost of being polite to AI</p><p>28:15 Agentic AI skills, campaigns, and the Matrix analogy</p><p>31:34 Estonia AI agents filing tax returns</p><p>35:14 Introducing NATO Lock Shields</p><p>37:00 Protecting a simulated nation from 8,500 cyber attacks</p><p>38:08 Why identity is national critical infrastructure</p><p>41:18 AI in Lock Shields before and after</p><p>43:05 Lock Shields 2025 scoring explained</p><p>47:04 The EU AI Act - is it the next GDPR</p><p>50:18 Risk-based approach to AI regulation</p><p>53:35 Closing thoughts and cautious optimism</p><p>54:21 Scuba diving vs. snowboarding</p><p>58:05 Wrap-up</p><p><br></p><p><br></p><p><br></p><p>KEYWORDS</p><p>AI vs AI, agentic AI, identity security, NATO Lock Shields, EU AI Act, Joseph Carson, Security by Default, ransomware, dark web LLMs, guardrails, data exfiltration, phishing, critical infrastructure, Estonia, cyber defense, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald</p><p><br></p>