Security Unlocked - AI & the Hunt for Hidden Vulnerabilities with Tobias Diehl

In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by security researcher Tobias Diehl, a top contributor to the Microsoft Security Research Center (MSRC) leaderboards and a Most Valuable Researcher. Tobias shares his journey from IT support to uncovering vulnerabilities in Microsoft products. He discusses his participation in the upcoming Zero Day Quest hacking challenge and breaks down a recent discovery involving Power Automate, where he identified a security flaw that could be exploited via malicious URLs. Tobias explains how developers can mitigate such risks and the importance of strong proof-of-concept submissions in security research.



In This Episode You Will Learn


  • Researching vulnerabilities in Power Automate, Power Automate Desktop, and Azure
  • The importance of user prompts to prevent unintended application behavior
  • Key vulnerabilities Tobias looks for when researching Microsoft products


Some Questions We Ask:


  • Have you submitted any AI-related findings to Microsoft or other bug bounty programs?
  • How does the lack of visibility into AI models impact the research process?
  • Has your approach to security research changed when working with AI versus traditional systems?

  

Resources:     

View Tobias Diehl on LinkedIn  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 






Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Hosted on Acast. See acast.com/privacy for more information.

Code Story: Insights from Startup Tech Leaders - S10 E23: Ivan & Nick, Archetype AI (Part 1)

Ivan Poupyrev grew up in the Soviet Union, studying rocket science. He moved to the US in 2013 to pursue the early days of VR. He has worked at Disney and Google, and has been focused on merging the physical and digital world for many years. Prior to this latest revolution, Ivan was one of the skeptics towards the idea of AI. But at Google, he was convinced by one of his now co-founders of the value in this tech.

Nick Gillian has been working in real-time machine learning for nearly 2 decades, but his path here was a bit different. His background is in music and audio engineering: think the math behind amps, studios, mixers, etc. During his master's studies, he fell in love with sensors, and participated in early development and advancement of this tech alongside machine learning. He built a toolkit, which eventually got the attention of Ivan.

Ivan was working at Google, and one of his team members began utilizing the toolkit built by Nick. Upon discovering this, Ivan reached out to Nick to see if he wanted to join the top secret team - and eventually, Nick convinced Ivan of the power of machine learning and AI.

This is the creation story of Archetype AI.



Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

The Stack Overflow Podcast - Boots on the ground: Holistic AI and Audioshake at HumanX

Holistic AI is an AI governance platform that helps the enterprise adopt and scale AI.

Audioshake uses AI to mix, master, and separate music and other audio content.

Learn more about HumanX here. Feeling the FOMO? The event takes place again on April 7-9, 2026 in San Francisco. Early birds can register here.

Connect with Raj on LinkedIn.

Connect with Jessica on LinkedIn.

Talk Python To Me - #499: BeeWare and the State of Python on Mobile

This episode is all about BeeWare, the project that is working towards true native apps built on Python, especially for iOS and Android. Russell's been at this for more than a decade, and the progress is now hitting critical mass. We'll talk about the Toga GUI toolkit, building and shipping your apps with Briefcase, the newly official support for iOS and Android in CPython, and so much more. I can't wait to explore how BeeWare opens up the entire mobile ecosystem for Python developers. Let's jump right in.

Episode sponsors

Posit
Python in Production
Talk Python Courses

Anaconda open source team: anaconda.com
PEP 730 – Adding iOS: peps.python.org
PEP 738 – Adding Android: peps.python.org
Toga: beeware.org
Briefcase: beeware.org
emscripten: emscripten.org
Russell Keith-Magee - Keynote - PyCon 2019: youtube.com
Watch this episode on YouTube: youtube.com
Episode #499 deep-dive: talkpython.fm/499
Episode transcripts: talkpython.fm

--- Stay in touch with us ---
Subscribe to Talk Python on YouTube: youtube.com
Talk Python on Bluesky: @talkpython.fm at bsky.app
Talk Python on Mastodon: talkpython
Michael on Bluesky: @mkennedy.codes at bsky.app
Michael on Mastodon: mkennedy

Lex Fridman Podcast - #463 – Douglas Murray: Putin, Zelenskyy, Trump, Israel, Netanyahu, Hamas & Gaza

Douglas Murray is the author of On Democracies and Death Cults, The War on The West, and The Madness of Crowds.
Thank you for listening ❤ Check out our sponsors: https://lexfridman.com/sponsors/ep463-sc
See below for timestamps, transcript, and to give feedback, submit questions, contact Lex, etc.

Transcript:
https://lexfridman.com/douglas-murray-2-transcript

CONTACT LEX:
Feedback – give feedback to Lex: https://lexfridman.com/survey
AMA – submit questions, videos or call-in: https://lexfridman.com/ama
Hiring – join our team: https://lexfridman.com/hiring
Other – other ways to get in touch: https://lexfridman.com/contact

EPISODE LINKS:
Douglas’s X: https://x.com/DouglasKMurray
Douglas’s YouTube: https://www.youtube.com/@douglasmurray
Douglas’s Instagram: https://instagram.com/douglaskmurray
Douglas’s Website: https://douglasmurray.net
On Democracies and Death Cults (book): https://amzn.to/4jahsxL
The War on the West (book): https://amzn.to/38L7B36

SPONSORS:
To support this podcast, check out our sponsors & get discounts:
Call of Duty: First-person shooter video game.
Go to https://callofduty.com/warzone
Oracle: Cloud infrastructure.
Go to https://oracle.com/lex
LMNT: Zero-sugar electrolyte drink mix.
Go to https://drinkLMNT.com/lex
AG1: All-in-one daily nutrition drink.
Go to https://drinkag1.com/lex

OUTLINE:
(00:00) – Introduction
(02:04) – Sponsors, Comments, and Reflections
(09:31) – War in Ukraine
(13:17) – Trump and Zelenskyy
(27:47) – Putin
(48:40) – Peace
(58:31) – Zelenskyy
(1:13:11) – Israel-Palestine
(1:23:57) – Hamas
(1:38:30) – Corruption
(1:41:40) – Gaza
(2:02:18) – Benjamin Netanyahu
(2:19:29) – Hate
(2:43:59) – Iran
(2:54:48) – Interview advice
(3:09:12) – War

PODCAST LINKS:
– Podcast Website: https://lexfridman.com/podcast
– Apple Podcasts: https://apple.co/2lwqZIr
– Spotify: https://spoti.fi/2nEwCF8
– RSS: https://lexfridman.com/feed/podcast/
– Podcast Playlist: https://www.youtube.com/playlist?list=PLrAXtmErZgOdP_8GztsuKi9nrraNbKKp4
– Clips Channel: https://www.youtube.com/lexclips

SOCIAL LINKS:
– X: https://x.com/lexfridman
– Instagram: https://instagram.com/lexfridman
– TikTok: https://tiktok.com/@lexfridman
– LinkedIn: https://linkedin.com/in/lexfridman
– Facebook: https://facebook.com/lexfridman
– Patreon: https://patreon.com/lexfridman
– Telegram: https://t.me/lexfridman
– Reddit: https://reddit.com/r/lexfridman

The Government Huddle with Brian Chidester - 176: The One with the “Becoming Digital Nations” Author

Mohammad J. Sear, Global Public Sector Consulting Leader at EY and Author of “Becoming Digital Nations,” joins the show for a deep dive into his new book while also sharing his inspiration behind the book and the bold ideas that drive his vision for rethinking governance, service delivery, and nation-building in a digital-first world. We also explore the difference between digitizing legacy systems and truly reimagining government operating models from the ground up—touching on examples like smart passports, citizen identity platforms, and one-click, zero-documentation government services. Finally, we talk about why disruption, not just innovation, is critical for meaningful change.

Big Technology Podcast - OpenAI’s Ghibli Moment, CoreWeave’s IPO Letdown, End of Silicon Valley’s Monopoly?

Brian McCullough is the host of Techmeme Ride Home. He's back for our weekly discussion of the latest tech news. We cover: 1) Why everyone's using ChatGPT to make Ghibli art 2) What is Ghibli 3) OpenAI's product dominance stands out 4) The Studio Ghibli copyright question 5) The AI servers are at capacity 6) The AI datacenters are still probably built out too early 7) What's CoreWeave? 8) CoreWeave's IPO disappoints 9) OpenAI eyes $40 billion fundraise 10) Is Silicon Valley about to lose its monopoly on tech?


---


Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.


For weekly updates on the show, sign up for the pod newsletter on LinkedIn: https://www.linkedin.com/newsletters/6901970121829801984/


Want a discount for Big Technology on Substack? Here’s 40% off for the first year: https://tinyurl.com/bigtechnology


Questions? Feedback? Write to: bigtechnologypodcast@gmail.com

The Stack Overflow Podcast - “Are AI agents ready for the enterprise?”

Deepak works on Amazon Q Developer, a GenAI-powered coding assistant that includes autonomous agents.

Thinking, Fast and Slow by psychologist Daniel Kahneman is one of those books that’s a classic for a reason—and it’s more relevant to today’s AI landscape than you might think.

Connect with Deepak on LinkedIn

Congrats to Stack Overflow user Morten Zilmer, who earned a Lifeboat badge by explaining Multiplication of two different bit numbers in VHDL.

The Stack Overflow Podcast - AI is shifting focus from syntax to critical thinking

They also:

  • Emphasize the critical role of customer feedback in shaping products, highlighting how continuous feedback loops drive innovation and improvement.
  • Explore how AI is empowering non-technical team members and enabling meaningful collaboration between developers and other departments.
  • Discuss the potential of GenAI as a learning tool and the importance of prompt engineering as a key skill for future developers.

Episode notes:

  • Connect with Lee Faus on LinkedIn, X, and learn more about GitLab.
  • Learn more about creating a private instance of Stack Overflow for your team or org with Stack Overflow for Teams.
  • Read about Knowledge Solutions, a subscription-based API service that provides continuous access to Stack Overflow’s public dataset to train and fine-tune large language models.