
Live from Black Hat: Ransomware, Responsible Disclosure, and the Rise of AI


Recorded live at Black Hat USA 2025

The Microsoft Threat Intelligence Podcast took over Microsoft Security’s mobile podcast studio at Black Hat 2025, where host Sherrod DeGrippo sat down with leaders and researchers from across Microsoft. The mini episodes spanned responsible disclosure, the accelerating pace of ransomware, and the current state of social engineering. Together, a common theme emerged: today’s threats demand both technical rigor and human resilience. We also officially announced round two of Zero Day Quest and the $5 million up for grabs.

Check out the full episode on N2K.

Key Takeaways

  • Speed is the defining feature of modern threats, whether in bug discovery, ransomware dwell time, or AI-driven phishing.

  • Ecosystems matter: researchers, defenders, and threat actors alike operate in networks, not isolation.

  • Ethics and resilience remain central: responsible disclosure, vendor accountability, and building psychological safety are as important as technical defenses.

Responsible Disclosure and the Future of Bug Bounties

Sherrod opened the episode with Tom Gallagher, Vice President of Engineering and head of the Microsoft Security Response Center (MSRC). Gallagher explained how MSRC sits at the heart of Microsoft’s coordinated vulnerability disclosure efforts, managing bug reports from researchers in 59 countries.

 

Gallagher stressed that responsible disclosure is more than a process; it’s a set of values. “Everything we do is to protect customers,” he noted, pointing to MSRC’s role in ensuring vulnerabilities are fixed before they can be abused, while also giving researchers recognition for their work.

 

In addition to the day-to-day responsibilities of MSRC, he also announced the next iteration of Zero Day Quest, a unique take on bug bounty programs. This time, $5 million is up for grabs as part of the largest public hacking event ever. This program is aimed at incentivizing vulnerability research in cloud and AI. Researchers who qualify are invited to Redmond for an immersive, real-time bug hunting event alongside Microsoft engineers, compressing the cycle from discovery to fix in ways that accelerate security for customers.

Ransomware: Speed, Ecosystems, and AI

Next, Sherrod turned to Microsoft Senior Security Researcher Eric Baller and Principal Security Researcher Eric Olson to discuss ransomware. Both emphasized how dwell times have collapsed from days or weeks in the past to just minutes today. In one recent case, attackers moved from initial VPN access to backup destruction attempts in just 20 minutes.

 

The researchers described ransomware as an ecosystem, not an individual adversary. Access brokers sell stolen credentials, affiliates lease ransomware strains, and operators adapt tactics quickly. Multi-extortion has become the norm: encryption paired with data theft, reputational damage, and even threats tied to sensitive communications.

Looking ahead, the team warned of AI’s role in ransomware. Old breach data and stolen archives could be run through large language models, helping attackers identify weaknesses, map business processes, or uncover extortion opportunities far faster than before.

 

For defenders, Baller and Olson noted that disconnected backups, log visibility, and risk awareness remain among the most effective countermeasures against ransomware.

Social Engineering in the Age of AI

The episode closes with Microsoft’s Principal Security Researcher and former CISO Travis Schack and Eric Olson examining how social engineering continues to adapt. From “your package is ready” text scams to law firm phishing emails claiming divorce proceedings, attackers rely on urgency, fear, and curiosity to drive clicks.

 

AI, they noted, is dramatically increasing believability. Gone are the days when poor grammar gave away a phishing email; today, generative AI produces polished messages and even voice deepfakes convincing enough to trick employees and executives alike. Schack warned that help desks and recruiters are frequent targets, where voice synthesis and spoofed identities can make fraudulent requests seem legitimate.

 

Defenses, the guests agreed, come down to both people and technology. Micro-learning simulations, better training, and strong MFA can blunt the human side of these attacks, while tools like Defender for Office 365 provide essential guardrails.
