Threat Vector by Palo Alto Networks

Most people think nation-state cyberattacks are unpredictable. Allie Mellen wrote the book that proves they’re not.

Allie Mellen is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield and a leading industry analyst and former hacker. She advises Global 2000 organizations on detecting and responding to nation-state attacks. Her research career began as a hacker with work featured at Black Hat USA. She has partnered with multiple government agencies on election security and regularly briefs the Wall Street Journal, NPR, and the Washington Post.

Allie joined Threat Vector previously to break down the XDR landscape and what’s next for security operations. This time, the conversation goes somewhere different.

In this conversation with David Moulton, Allie breaks down the strategic logic behind attacks most defenders treat as random events.

You’ll learn:


Why nation-state attacks follow predictable strategic patterns, not chaos


How military doctrine and national history shape a country’s hacking behavior


What makes Stuxnet, WannaCry, NotPetya and the Sony Pictures hack so instructive


How to tell the difference between espionage, disruption and destruction campaigns


What defenders and executives can actually do with this knowledge

Allie has spent years studying threat actors from China, Russia, Iran, North Korea, Israel and the United States. Her analytical framework connects the dots between geopolitical objectives and the technical tradecraft security teams see on the wire every day.

This episode is essential listening if you’re a CISO translating threat intelligence into board-level strategy, a threat analyst trying to understand adversary intent, or a security leader who wants to think about the geopolitical forces shaping your threat landscape.

Related Episodes:


Inside the Mind of State-Sponsored Cyberattackers


Confronting China’s Expanding Cyber Threats


Lessons from the Underground


A Hacker's Insights on Your Privacy


Decoding XDR: Allie Mellen on What's Next

Mentioned in the Show:

Anthropic — "Disrupting the first reported AI-orchestrated cyber espionage campaign" https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf Published November 2025. Anthropic's Threat Intelligence team report on threat actor GTG-1002, a Chinese state-sponsored group that used Claude Code to execute 80-90% of a cyber espionage campaign autonomously — reconnaissance, exploitation, lateral movement, credential harvesting, and exfiltration — across roughly 30 global targets.

Allie Mellen — Code War: How Nations Hack, Spy, and Shape the Digital Battlefield Read Allie's book, Code War, now: https://bit.ly/m/codewar

#NationStateCyber #ThreatIntelligence

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠⁠

What happens when your security analyst isn't a person?

Elad Koren, Vice President of Product Management for Cortex Cloud at Palo Alto Networks, returns to Threat Vector to pull back the curtain on what an agentic-first security experience actually looks like in practice. This isn't a vision deck. The agents are already running.

When Elad joined the show for Why Proactive Security Can't Wait, he made the case that reactive security can no longer keep up with adversaries who move from initial compromise to data theft in under five hours. This episode picks up where that conversation ended, with host David Moulton and Elad discussing the tools built to close that gap.

You'll learn:


What "agentic-first analyst experience" means and why it changes the SOC fundamentally


How Cortex is deploying autonomous agents across the platform and what they actually do


What XDL 2.0 is and why defenders need to understand it now


How product leaders are making security faster without making it reckless

Elad brings over two decades of experience in security, spanning RSA, PerimeterX, Salt Security, and now leading product for Cortex Cloud at Palo Alto Networks. He holds a CISSP and a patent in autonomous risk monitoring.

This episode is essential listening if you're: a security leader evaluating agentic AI tools, a product-minded practitioner curious how AI is reshaping cloud defense, or a CISO trying to figure out what's hype and what's already in production.

#AI #Cloud #autonomous

Related Episodes:


Why Proactive Security Can't Wait


Securing the Future of AI Agents


Transform Your SOC and Get Ahead of the Threats

#AIAgents #CloudSecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠⁠

Can your organization survive a breach in 39 seconds? That's how fast attackers are moving now, and if your defenses are still running at human speed, you're already behind.

⁠Wendi Whitmore⁠, Chief Security Intelligence Officer at Palo Alto Networks, returns to Threat Vector for a candid conversation with ⁠David Moulton⁠ about what it actually takes to build resilience in an era where AI is accelerating both the threat and the defense. Wendi brings more than two decades of experience leading incident response and threat intelligence at organizations including Mandiant, CrowdStrike, IBM X-Force, and Unit 42. She's an inaugural member of the DHS Cyber Safety Review Board and serves on cybersecurity advisory boards at Duke University and the University of San Diego.

You'll learn:


Why fighting AI with AI is the only viable response to today's attack speeds, including exfiltration happening in under a minute


How Volt Typhoon and Salt Typhoon represent two fundamentally different threat objectives, and what that means for your defense posture


What "cybersecurity for AI" means versus "AI for cybersecurity," and why organizations need both


How the best incident response leaders translate between deep technical analysis and boardroom communication under pressure


Why curiosity, not certifications, is the trait that separates great security practitioners from the rest

Wendi is one of the most respected voices in national cybersecurity strategy, with a track record that spans major breaches, critical infrastructure defense, and the Paris Olympics. Her perspective on building teams, aligning talent to mission, and defending against nation-state actors at scale is grounded in real-world investigation, not theory.

This episode is essential listening if you're: a security leader trying to align your AI strategy with your risk posture, a practitioner wondering how to make the case for faster detection and response investment, or someone building or managing a threat intelligence or incident response team.

Related Episodes:


⁠Confronting China's Expanding Cyber Threats with Wendi Whitmore⁠ — Wendi's first appearance on Threat Vector, focused on Chinese nation-state activity and critical infrastructure targeting.


⁠Transform Your SOC and Get Ahead of the Threats⁠ — A deep dive on SOC transformation, AI-driven detection, and what it means to modernize your security operations center.


⁠The Art of Threat Hunting⁠ — How human analysts and AI work together to find what attackers are trying to hide.

#CyberResilience #AIinCybersecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠⁠

Your AI agent just wiped an entire email inbox and said sorry. That's not a hypothetical. It already happened.

Sailesh Mishra, Product Marketing at Palo Alto Networks and founder of SydeLabs (acquired by Protect AI), has spent years at the frontier of AI security, from scaling autonomous vehicle programs at Uber's Advanced Technologies Group to building and selling an AI red-teaming startup. He has a clear-eyed view of what autonomous agents can do, what they can be made to do, and what organizations are dangerously unprepared for.

You'll learn:

- Why the "lethal trifecta" of AI risk gains a fourth, more dangerous dimension when agents have persistent memory

- How attackers can plant a logic bomb inside an agent's memory using entirely benign inputs, then trigger it later

- What "identity" means for a piece of software, and why scoping agent behavior is the single most impactful security control

- Why indirect prompt injection is already happening in the wild, not just in research papers

- The two questions every CISO must answer before authorizing an autonomous agent deployment

This episode is essential listening if you're a CISO evaluating your first autonomous agent deployment, a developer building agentic systems today, or a security practitioner trying to get ahead of a threat landscape that is moving faster than anyone expected.

Related Reading:

- OpenClaw (formerly Moltbot, Clawdbot) May Signal the Next AI Security Crisis

- ​​The Moltbook Case and How We Need to Think about Agent Security

Related Episodes:

- Securing the Future of AI Agents

- Inside AI Runtime Defense

- Securing AI in the Enterprise

#AIAgents #AISecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

What happens when you're face-to-face with a ransomware gang demanding millions—and every decision could determine whether your company survives?

Jeremy D. Brown, Consulting Director at Palo Alto Networks Unit 42 with nearly seven years negotiating with cyber criminals, reveals the hidden world of ransomware negotiations. With hundreds of negotiations under his belt, Jeremy knows which groups honor their promises, which ones to never pay, and exactly what mistakes can cost you everything.

You'll learn:

- Why contacting a threat actor doesn't mean you have to pay (the #1 misconception that paralyzes victims)

- How to extract critical forensic intelligence from attackers during initial contact

- The fatal mistakes organizations make that destroy their negotiation leverage

- Which ransomware groups are sanctioned entities that will land you in legal trouble if you pay

- Why being polite to criminals actually gets you better outcomes than hostility

Jeremy has negotiated with everyone from aggressive groups who email your executives to methodical operators following strict playbooks. He's seen organizations with backups walk away and others pay millions for decryption keys. Managing over 100 incidents, Jeremy has tracked how double extortion evolved from rare to standard practice, and now watches single extortion (data theft without encryption) surge again.

This episode is essential for CISOs who need a negotiation plan before the crisis hits, incident responders building their skillset, and executives who must understand that ransomware response is about far more than just paying or not paying. #IncidentResponse #Ransomware

Related Episodes:

- Mastering the Basics: Cyber Hygiene and Risk Management

- Crisis in the Kitchen

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠