How Microsoft Uses AI for Threat Intelligence & Malware Analysis
AI Security Podcast18 Loka 2025

How Microsoft Uses AI for Threat Intelligence & Malware Analysis

What if the prompts used in your AI systems were treated as a new class of threat indicator? In this episode, Thomas Roccia, Senior Security Researcher at Microsoft, introduces the concept of the IOPC (Indicator of Prompt Compromise), sharing that "when there is a threat actors using a GenAI model for malicious activities, then the prompt... is considered as an IOPC".

The conversation dives deep into the practical application of AI in threat intelligence. Thomas shares details from his open-source projects, including NOVA, a tool for detecting adversarial prompts, and an AI agent he built to track the complex money laundering scheme from a $1.4 billion crypto hack . We also explore how AI is dramatically lowering the barrier to entry for complex tasks like reverse engineering, turning a once-niche skill into something accessible to a broader range of security professionals .


Questions asked:

(00:00) Introduction(02:20) Who is Thomas Roccia?(03:20) Using AI for Reverse Engineering & Malware Analysis(04:30) Building an AI Agent to Track Crypto Money Laundering(11:30) What is an IOPC (Indicator of Prompt Compromise)?(14:40) MITRE ATLAS: A TTP Framework for LLMs(18:20) NOVA: An Open-Source Tool for Detecting Malicious Prompts(23:15) Using RAG for Threat Intelligence on Data Leaks(31:00) Proximity: A New Scanner for Malicious MCP Servers(34:30) Why Good Ideas are Now More Valuable Than Execution(35:30) Real-World AI Threats: Stolen API Keys & Smart Malware(40:15) The Challenge of Building Reliable Multi-Agent Systems(48:20) How AI is Lowering the Barrier for Reverse Engineering(50:30) "Vibe Investigating": Assisting the SOC with AI(54:15) Caleb's Personal AI Agent for Document Organization


Resources discussed during the call:

NOVA- The Prompt Pattern Matching

DEF CON 33 Talk - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(55)

Why Asset Intelligence is Replacing the CMDB & Static Dashboards

Why Asset Intelligence is Replacing the CMDB & Static Dashboards

Why do CISOs still struggle with asset intelligence in 2026? Despite decades of security tooling, most organizations still have a massive 40% "dark matter" blind spot in their environment and the expl...

11 Kesä 42min

The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents

The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents

Why are security leaders terrified of connecting AI agents to production data? Because unlike humans, AI agents don't apply judgment, and they operate at machine speed, meaning they can relentlessly h...

4 Kesä 47min

Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering

Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering

Is your security team moving at the speed of your engineering team? In this special live recording of the AI Security Podcast from San Francisco, Ashish is joined by Nick Reva (Global Director, Engine...

21 Touko 1h 3min

Verification vs. Validation: How Autonomous AI is Changing Cybersecurity

Verification vs. Validation: How Autonomous AI is Changing Cybersecurity

Are autonomous AI agents operating unchecked in your enterprise? With the release of open source frameworks like OpenClaw, deploying an AI agent is now as simple as texting, but it comes with massive,...

13 Touko 1h 10min

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

Is an AI agent's identity a workload or an action? Ashish spoke to Elie Bursztein, Distinguished Research Scientist and co-author of Google SAIF (Secure AI Framework) about how it is neither and that ...

29 Huhti 47min

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC

If your AI solution is just helping humans process the same amount of alerts a little faster, you haven't transformed anything, you've just created a faster hamster wheel.In this episode, Ashish and C...

22 Huhti 46min

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry

In this episode, Ashish and Caleb discuss the internet-breaking preview of Project Mythos, an unreleased AI model from Anthropic that has shown an unprecedented, terrifying ability to reason through c...

18 Huhti 1h 3min

Are AI Security Startups Faking It? How to Separate Signal from Noise

Are AI Security Startups Faking It? How to Separate Signal from Noise

With over 70 startups claiming to have built the perfect "AI SOC Analyst" or "AI Threat Hunter," how do you separate the real products from the vaporware? Recorded live at Decibel RSAC Founder Festiva...

15 Huhti 47min