AI Security Podcast

In this episode, Ashish and Caleb discuss the internet-breaking preview of Project Mythos, an unreleased AI model from Anthropic that has shown an unprecedented, terrifying ability to reason through code and automatically generate working zero-day exploits .We dive into the conversations surrounding Project Glasswing, Anthropic's initiative to share this model with select partners (like Palo Alto and CrowdStrike) before public release, allowing them a 100-day window to patch critical vulnerabilities . Caleb explains why this level of AI reasoning isn't just hype: early testers are reporting that Mythos is not only finding zero-days, but actively detecting dormant intrusions within their own networks .If you are a CISO or security practitioner, this episode talks about it all. We discuss why the traditional 30-day patch cycle is dead, why "assuming breach" is now mandatory, and why 60% of legacy security vendors might not survive this shift . Questions asked: (00:00) Introduction: The Hype Around Anthropic's Project Mythos (04:00) What is Project Mythos? (Reasoning and Finding Zero-Days) (06:50) Project Glasswing: The 100-Day Partner Patch Window (08:30) The Controversy: Did Anthropic Pick the Right Partners? (12:30) Why Anthropic Doesn't Have the Compute to Scan the Whole Internet (15:10) The Insider View: Mythos is Finding Dormant Intrusions (16:30) Why 60% of Security Vendors Will Go Away (19:30) Hype vs. Reality: GeoHot's Comments on Small Models (21:30) Eliminating False Positives in Static Code Analysis (23:50) The Zero-Day Clock: Time to Exploit Drops to Under 6 Hours (25:50) The Ethics of Zero-Days: Should Mythos Be Released at All? (34:30) The CISO Action Plan: Speeding Up Patching (Hours vs. Days) (44:50) The 3rd Party SaaS Problem: What to Do When You Can't Patch (46:10) "Assume Breach": Why Deception (Honeypots) is the New Priority (57:30) Empowering Non-Tech Teams to Build Detections (01:02:10) AI Makes Cheesy "Hacker Movies" a Reality Resources mentioned during the episode: Assessing Claude Mythos Preview’s cybersecurity capabilities Project Glasswing Zero Day Clock

With over 70 startups claiming to have built the perfect "AI SOC Analyst" or "AI Threat Hunter," how do you separate the real products from the vaporware? Recorded live at Decibel RSAC Founder Festival, Ashish and Caleb hosted a heated panel with Edward Wu (Founder & CEO, Dropzone AI) and Lou Manousos (Co-Founder & CEO, Ent AI). The group debates the controversial claim that AI can provide 100% threat prevention and exposes the dirty secret of the industry: Many AI startups are "cheating" by hiding human analysts behind their software.If you were a CISO or security practitioner navigating the vendor floor at RSA, this episode provides a BS-detector framework. Learn why an AI wrapper around Claude Code isn't enough, why "consistency" is the ultimate test for AI agents, and how to verify if a startup actually has real-world, paying enterprise deployments (and not just friendly design partners) . Questions asked: (00:00) Introduction: Live with Decibel(01:30) Meet the Panel: Edward Wu (Dropzone) & Lou Manousos (Ent) (03:40) The Great Debate: Has the Industry Given Up on Prevention? (05:50) What Has AI Actually Solved? (Repetitive Work vs. Context) (09:00) How to Spot BS on the RSA Show Floor (11:30) Defining an AI Agent: Chatbots vs. Threat Hunters (13:40) The Claude Code Problem: Is Your Product Just a Wrapper? (16:50) The 80% Accuracy Trap & Why Consistency is Key (21:30) Proving ROI: Evaluating AI Agents Like Human Employees (24:50) The Dirty Secret: Humans Hiding Behind AI Startups (26:30) Spotting Fake Customer Logos (28:30) Audience Q&A: Scaling the SOC vs. Replacing Humans (36:10) Forward Deployed Engineering & Personalized Software (40:30) Reimagining Security Architecture from the Inside Out (43:30) How Ent Detects Remote Workers Outsourcing Their Jobs (45:30) Final Thoughts: Asking Vendors for Real Proof Points

RSA Conference 2026 is here and the AI agent hype machine is louder than ever. In this episode, Ashish and Caleb cut through the noise and arm CISOs, practitioners, and security teams with a clear-eyed view of what's actually happening in AI security this year. From the vendor floor at RSAC to the future of internal security automation, Caleb and Ashish speak about why 70% of "AI agent security" vendors can't even define what an agent is, why security team consolidation around 2–3 major platforms (plus internal AI capability) may be the most underrated CISO strategy of 2026, and why the window from vulnerability disclosure to live exploitation has collapsed from months to under two days. They also explore the emerging idea of a centralised AI automation function inside security teams and why the future of security isn't buying more point solutions, it's building internal AI capability on top of a standardised vendor stack. Questions asked: (00:00) Introduction: Preparing for RSAC 2026(03:50) The Year of the "AI Agent" Marketing Hype (06:50) The Secret to AI Context: Enterprise Search (Glean) (09:50) Why Your SOC Needs a Centralized AI Platform Team (13:30) The #1 Question to Ask Vendors at RSAC: API Access (16:50) The Myth of MCP (Model Context Protocol) as the Gold Standard (20:50) Why RSAC is Too Noisy: Vibe Coding & 1,000 New Startups (22:30) Is Capital Raised the Only Signal of Trust? (24:50) Prediction: CISOs Will Fire 500 Vendors and Consolidate (30:50) The Build vs. Buy Debate for AI Security Features (35:50) Surviving RSAC: Sorting Signal from Noise (38:50) The Problem with "End-to-End" AI Agent Claims (41:50) Are AI-Driven Attacks Real? (44:50) The Zero-Day Clock: From 5 Months to 2 Days (48:50) RSAC Events: Live Recordings and CISO Panels Resources spoken about during the episode: RSAC 2026 BSidesSF 2026 Glean Zero Day Clock

Did Anthropic just kill the AppSec industry? Following the announcement of Claude Code Security, a tool that finds, reasons about, and fixes code vulnerabilities, major security stocks dropped by 8% .In this episode of the AI Security Podcast, Ashish and Caleb break down the reality behind the hype. Caleb explains why using AI for SAST (Static Application Security Testing) is "a no-brainer," noting that many open-source projects and startups have already been doing exactly what Anthropic announced . We discuss why this actually validates the shift toward AI-automated remediation.The conversation goes deeper into the future of the cybersecurity market: Will giant foundation models start acquiring security companies? Will they offer "premium gas" (cheaper tokens) for building on their platforms? And most importantly, what does this mean for AppSec engineers whose jobs involve triaging false positives? Questions asked: (00:00) Introduction: The Claude Code Security Announcement(02:50) What is Claude Code Security? (Finding & Reasoning about VULNs) (03:50) Market Overreaction: Why Security Stocks Dropped 8% (05:10) Why AI-Powered SAST is Not New (OpenAI & Open Source doing it already) (07:20) Will AI Take AppSec Jobs? (Triaging False Positives) (09:00) "Shift Left" on Steroids: Auto-Fixing and PR Submission (11:30) The Threat to Legacy Vendors: Why CrowdStrike's Moat is Safe (14:30) Historical Context: AI is the New Calculator/Typewriter (18:20) The "Gasoline" Theory: Foundation Models as Fuel (21:00) Will Anthropic Acquire Security Startups? (26:30) Anthropic's Go-To-Market Strategy: Building AI SOCs (33:30) Startup Survival: Can Innovation Outpace Big Tech? (41:30) The Future of Threat Intel: Is the Legacy Moat Disappearing? (48:20) Negotiating with Vendors using AI Leverage (53:30) Using Evals for Organizational Anomaly Detection

What if you could automate your entire work life with a personal AI Chief of Staff? In this episode, Caleb Sima reveals "Pepper," his custom-built AI agent to Ashish that manages emails, schedules meetings, and even hires other AI experts to solve problems for him . Using Claude Code and a "vibe coding" approach, Caleb built a multi-agent system over a single holiday weekend, without writing a single line of Rust code himself . We discuss how he used this same method to build a black-box testing agent that auto-files bugs on GitHub and even designed the branding for his venture fund, White Rabbit . We explore why "intelligence is becoming a commodity," and how you can survive by becoming an architect of AI agents rather than just a worker Questions asked: (00:00) Introduction(03:20) Meet "Pepper": Caleb's AI Chief of Staff (05:40) How Pepper Dynamically Hires "Expert" Agents (07:30) Pepper Builds its Own Tools (MCP Servers) (11:50) Do You Need to Be a Coder to Do This? (12:50) Using "Claude Superpowers" to Orchestrate Agents (16:50) Automating a Venture Fund: Branding White Rabbit with AI (20:50) Building a "Black Box" Testing Agent in Rust (Without Knowing Rust) (28:50) The Developer Who Went Skiing While AI Did His Job (32:20) The Coming "App Sprawl" Crisis in Enterprise Security (36:00) Security Risks: Managing Shared Memory & Context (41:20) The Future of Work: Is Intelligence Becoming a Commodity? (44:50) Why Plumbers are Safe from AI

This is a forward-looking episode, as Ashish Rajan and Caleb Sima break down the 8 critical predictions shaping the future of AI security in 2026 We explore the impending "Age of Zombies", a crisis where thousands of unmaintainable, "vibe-coded" internal tools begin to rot as employees churn . We also unpack controversial theory about the "circular economy" of token costs, suggesting that major providers are artificially keeping prices high to avoid a race to the bottom . The conversation dives deep into the shift from individual AI features to centralized AI Platforms , the reality of the Capability Plateau where models are getting "better but not different" , and the hilarious yet concerning story of Anthropic’s Claude not being able to operate a simple office vending machine without resorting to socialism or buying stun guns Questions asked: (00:00) Introduction: 2026 Predictions(02:50) Prediction 1: The Capability Plateau (Why models feel the same) (05:30) Consumer vs. Enterprise: Why OpenAI wins consumer, but Anthropic wins code (09:40) Prediction 2: The "Evil Conspiracy" of High AI Costs (12:50) Prediction 3: The Rise of the Centralized AI Platform Team (15:30) The "Free License" Trap: Microsoft Copilot & Enterprise fatigue (20:40) Prediction 4: Hyperscalers Shift from Features to Platforms (AWS Agents) (23:50) Prediction 5: Agent Hype vs. Reality (Netflix & Instagram examples) (27:00) Real-World Use Case: Auto-Fixing 1,000 Vulnerabilities in 2 Days (31:30) Prediction 6: Vibe Coding is Replacing Security Vendors (34:30) Prediction 7: Prompt Injection is Still the #1 Unsolved Threat (43:50) Prediction 8: The "Confused Deputy" Identity Problem (51:30) The "Zombie Tool" Crisis: Why Vibe Coded Tools will Rot (56:00) The Claude Vending Machine Failure: Why Operations are Harder than Code

Is your organization stuck in "read-only" mode with AI agents? You're not alone. In this episode, Dev Rishi (GM of AI at Rubrik, formerly CEO of Predibase) joins Ashish and Caleb to dissect why enterprise AI adoption is stalling at the experimentation phase and how to safely move to production . Dev reveals the three biggest fears holding IT leaders back: shadow agents, lack of real-time governance, and the inability to "undo" catastrophic mistakes . We dive deep into the concept of "Agent Rewind", a capability to roll back changes made by rogue AI agents, like deleting a production database and why this remediation layer is critical for trust . The conversation also explores the technical architecture needed for safe autonomous agents, including the debate between MCP (Model Context Protocol) and A2A (Agent to Agent) standards . Dev explains why traditional "anomaly detection" fails for AI and proposes a new model of AI-driven policy enforcement using small language models (SLMs) as judges . Questions asked: (00:00) Introduction(02:50) Who is Dev Rishi? From Predibase to Rubrik(04:00) The Shift from Fine-Tuning to Foundation Models (07:20) Enterprise AI Use Cases: Background Checks & Call Centers (11:30) The 4 Phases of AI Adoption: Where are most companies? (13:50) The 3 Biggest Fears of IT Leaders: Shadow Agents, Governance, & Undo (18:20) "Agent Rewind": How to Undo a Rogue Agent's Actions (23:00) Why Agents are Stuck in "Read-Only" Mode (27:40) Why Anomaly Detection Fails for AI Security (30:20) Using AI Judges (SLMs) for Real-Time Policy Enforcement (34:30) LLM Firewalls vs. Bespoke Policy Enforcement (44:00) Identity for Agents: Scoping Permissions & Tools (46:20) MCP vs. A2A: Which Protocol Wins? (48:40) Why A2A is Technically Superior but MCP Might Win

It's the season finale of the AI Security Podcast! Ashish Rajan and Caleb Sima look back at their 2025 predictions and reveal that they went 9 for 9. We wrap up the year by dissecting exactly what the industry got right (and wrong) about the trajectory of AI, providing a definitive "state of the union" for AI security. We analyze why SOC Automation became the undisputed king of real-world AI impact in 2025 , while mature AI production systems failed to materialize beyond narrow use cases due to skyrocketing costs and reliability issues . They also review the accuracy of their forecasts on the rise of AI Red Teaming , the continued overhyping of Agentic AI , and why Data Security emerged as a critical winner in a geo-locked world . Looking ahead to 2026, the conversation shifts to bold new predictions: the inevitable bursting of the "AI Bubble" as valuations detach from reality and the rise of self-fine-tuning models . We also explore the controversial idea that the "AI Engineer" is merely a rebrand for data scientists and a lot more… Questions asked: (00:00) Introduction: 2025 Season Wrap Up(02:50) State of AI Utility in late 2025: From coding to daily tasks(09:30) 2025 Report Card: Mature AI Production Systems? (Verdict: Correct)(10:45) The Cost Barrier: Why Production AI is Expensive(13:50) 2025 Report Card: SOC Automation is #1 (Verdict: Correct)(16:00) 2025 Report Card: The Rise of AI Red Teaming (Verdict: Correct)(17:20) 2025 Report Card: AI in the Browser & OS(21:00) Security Reality: Prompt Injection is still the #1 Risk(22:30) 2025 Report Card: Data Security is the Winner(24:45) 2025 Report Card: Geo-locking & Data Sovereignty(28:00) 2026 Outlook: Age Verification & Adult Content Models(33:00) 2025 Report Card: "Agentic AI" is Overhyped (Verdict: Correct)(39:50) 2025 Report Card: CISOs Should NOT Hire "AI Engineers" Yet(44:00) The "AI Engineer" is just a rebranded Data Scientist(46:40) 2026 Prediction: Self-Training & Self-Fine-Tuning Models(47:50) 2026 Prediction: The AI Bubble Will Burst(49:50) Bold Prediction: Will OpenAI Disappear?(01:01:20) Final Thoughts: Looking ahead to Season 4

Cloudflare announced this year that AI bots must pay to crawl content. In this episode, Ashish Rajan and Caleb Sima dive deep into what this means for the future of the "open web" and why search engines as we know them might be dying . We explore Cloudflare's new model where websites can whitelist AI crawlers in exchange for payment, effectively putting a price tag on the world's information . Caleb spoke about the potential security implications, predicting a shift towards a web that requires strict identity and authentication for both humans and AI agents . The conversation also covers Cloudflare's new open-source browser, Ladybird, positioning itself as a competitor to the dominant Chromium engine . Is this the beginning of Web 3.0 where "information becomes currency"? Tune in to understand the massive shifts coming to browser security, AI agent identity, and the economics of the internet . Questions asked: (00:00) Introduction(01:55) Cloudflare's Announcement: Blocking AI Bots Unless They Pay (03:50) Why Search Engines Are Dying & The "Oracle" of AI (05:40) How the Payment Model Works: Bidding for Content Access (09:30) Will This Adoption Come from Enterprise or Bloggers?(11:45) Security Implications: The Web Requires Identity & Auth (13:50) Phase 2: Cloudflare's New Browser "Ladybird" vs. Chromium (19:00) Moving from B2B to Consumer: Paying Per Article via Browser (21:50) Managing AI Agent Identity: Who is Buying This Dinner? (23:20) Why Did We Switch to Chrome? (Performance vs. Memory) (27:00) Jony Ive & Sam Altman's AI Device: The Future Interface? (30:20) Google's Response: New Tools like "Opal" to Compete with n8n (33:15) The Controversy: Is This the End of the Free Open Web? (36:20) The New Economics of the Internet: Information as Currency Resources discussed during the interview: Cloudflare Just Changed How AI Crawlers Scrape the Internet-at-Large; Permission-Based Approach Makes Way for A New Business Model

Should you build your own AI security tools or buy from a vendor? In this episode, Ashish Rajan and Caleb Sima dive deep into the "Build vs. Buy" debate, sparked by Google DeepMind's release of CodeMender, an AI agent that autonomously finds, root-causes, and patches software vulnerabilities . While building an impressive AI prototype is easy, maintaining and scaling it into a production-grade security product is "very, very difficult" and often leads to failure after 18 months of hidden costs and consistency issues . We get into the incentives driving internal "AI sprawl," where security teams build tools just to secure budget and promotions, potentially fueling an AI bubble waiting to pop . We also discuss the "overhyped" state of AI security marketing, why nobody can articulate the specific risks of "agentic AI," and the future where third-party security products use AI to automatically personalize themselves to your environment, eliminating the need for manual tuning . Questions asked: (00:00) Introduction: The "Most Innovative" Episode Ever(01:40) DeepMind's CodeMender: Autonomously Finding & Patching Vulnerabilities(05:00) The "Build vs. Buy" Debate: Can You Just Slap an LLM on It?(06:50) The Prototype Trap: Why Internal AI Tools Fail at Scale(11:15) The "Data Lake" Argument: Can You Replace a SIEM with DIY AI?(14:30) Bank of America vs. Capital One: Are Banks Building AI Products?(18:30) The Failure of Traditional Threat Intel & Building Your Own(23:00) Perverse Incentives: Why Teams Build AI Tools for Promotions & Budget(26:30) The Coming AI Bubble Pop & The Fate of "AI Wrapper" Startups(31:30) AI Sprawl: Repeating the Mistakes of Cloud Adoption(33:15) The Frustration with "Agentic AI" Hype & Buzzwords(38:30) The Future: AI Platforms & Auto-Personalized Security Products(46:20) Secure Coding as a Black Box: The End of DevSecOps?

What does it take to build a fully autonomous AI system that can find, verify, and patch vulnerabilities in open-source software? Michael Brown, Principal Security Engineer at Trail of Bits, joins us to go behind the scenes of the 3-year DARPA AI Cyber Challenge (AICC), where his team's agent, "Buttercup," won second place. Michael, a self-proclaimed "AI skeptic," shares his surprise at how capable LLMs were at generating high-quality patches . However, he also shared the most critical lesson from the competition: "AI was actually the commodity" The real differentiator wasn't the AI model itself, but the "best of both worlds" approach, robust engineering, intelligent scaffolding, and using "AI where it's useful and conventional stuff where it's useful" . This is a great listen for any engineering or security team building AI solutions. We cover the multi-agent architecture of Buttercup, the real-world costs and the open-source future of this technology . Questions asked: (00:00) Introduction: The DARPA AI Hacking Challenge(03:00) Who is Michael Brown? (Trail of Bits AI/ML Research)(04:00) What is the DARPA AI Cyber Challenge (AICC)?(04:45) Why did the AICC take 3 years to run?(07:00) The AICC Finals: Trail of Bits takes 2nd place(07:45) The AICC Goal: Autonomously find AND patch open source(10:45) Competition Rules: No "virtual patching"(11:40) AICC Scoring: Finding vs. Patching(14:00) The competition was fully autonomous(14:40) The 3-month sprint to build Buttercup v1(15:45) The origin of the name "Buttercup" (The Princess Bride)(17:40) The original (and scrapped) concept for Buttercup(20:15) The critical difference: Finding vs. Verifying a vulnerability(26:30) LLMs were allowed, but were they the key?(28:10) Choosing LLMs: Using OpenAI for patching, Anthropic for fuzzing(30:30) What was the biggest surprise? (An AI skeptic is blown away)(32:45) Why the latest models weren't always better(35:30) The #1 lesson: The importance of high-quality engineering(39:10) Scaffolding vs. AI: What really won the competition?(40:30) Key Insight: AI was the commodity, engineering was the differentiator(41:40) The "Best of Both Worlds" approach (AI + conventional tools)(43:20) Pro Tip: Don't ask AI to "boil the ocean"(45:00) Buttercup's multi-agent architecture (Engineer, Security, QA)(47:30) Can you use Buttercup for your enterprise? (The $100k+ cost)(48:50) Buttercup is open source and runs on a laptop(51:30) The future of Buttercup: Connecting to OSS-Fuzz(52:45) How Buttercup compares to commercial tools (RunSybil, XBOW)(53:50) How the 1st place team (Team Atlanta) won(56:20) Where to find Michael Brown & Buttercup Resources discussed during the interview: Trail of BitsButtercup (Open Source Project)DARPA AI Cyber Challenge (AICC)Movie: The Princess Bride

Anthropic's August 2025 AI Threat Intelligence report is out, and it paints a fascinating picture of how attackers are really using large language models like Claude Code. In this episode, Ashish Rajan and Caleb Sima dive deep into the 10 case studies, revealing a landscape where AI isn't necessarily creating brand new attack vectors, but is dramatically lowering the bar and professionalizing existing ones. The discussion covers shocking examples, from "biohacking" attacks using AI for sophisticated extortion strategies , to North Korean IT workers completely dependent on AI, simulating technical competence to successfully gain and maintain employment at Fortune 500 companies . We also explore how AI enables the rapid development of ransomware-as-a-service and malware with advanced evasion, even by actors lacking deep technical skills . This episode is essential for anyone wanting to understand the practical realities of AI threats today, the gaps in defense, and why the volume might still be low but the potential impact is significant. Questions asked: (00:00) Introduction: Anthropic's AI Threat Report(02:20) Case Study 1: Biohacking & AI-Powered Extortion Strategy(08:15) Case Study 2: North Korean IT Workers Simulating Competence with AI(12:45) The Identity Verification Problem & Potential Solutions(16:20) Case Study 3: AI-Developed Ransomware-as-a-Service (RaaS)(17:35) How AI Lowers the Bar for Malware Creation(20:25) The Gray Area: AI Safety vs. Legitimate Security Research(25:10) Why Defense & Enterprise Adoption of AI Security is Lagging(30:20) Case Studies 4-10 Overview (Fraud, Scams, Malware Distribution, Credential Harvesting)(35:50) Multi-Lingual Attacks: Language No Longer a Barrier(36:45) Case Study: Russian Actor's Rapid Malware Deployment via AI(43:10) Key Takeaways: Early Days, But Professionalizing Existing Threats(45:20) Takeaway 2: The Need for Enterprises to Leverage AI Defensively(50:45) The Gap: Security for AI vs. AI for Security Resources discussed during the interview: Anthropic - Threat Intelligence Report August 2025

What if the prompts used in your AI systems were treated as a new class of threat indicator? In this episode, Thomas Roccia, Senior Security Researcher at Microsoft, introduces the concept of the IOPC (Indicator of Prompt Compromise), sharing that "when there is a threat actors using a GenAI model for malicious activities, then the prompt... is considered as an IOPC". The conversation dives deep into the practical application of AI in threat intelligence. Thomas shares details from his open-source projects, including NOVA, a tool for detecting adversarial prompts, and an AI agent he built to track the complex money laundering scheme from a $1.4 billion crypto hack . We also explore how AI is dramatically lowering the barrier to entry for complex tasks like reverse engineering, turning a once-niche skill into something accessible to a broader range of security professionals . Questions asked: (00:00) Introduction(02:20) Who is Thomas Roccia?(03:20) Using AI for Reverse Engineering & Malware Analysis(04:30) Building an AI Agent to Track Crypto Money Laundering(11:30) What is an IOPC (Indicator of Prompt Compromise)?(14:40) MITRE ATLAS: A TTP Framework for LLMs(18:20) NOVA: An Open-Source Tool for Detecting Malicious Prompts(23:15) Using RAG for Threat Intelligence on Data Leaks(31:00) Proximity: A New Scanner for Malicious MCP Servers(34:30) Why Good Ideas are Now More Valuable Than Execution(35:30) Real-World AI Threats: Stolen API Keys & Smart Malware(40:15) The Challenge of Building Reliable Multi-Agent Systems(48:20) How AI is Lowering the Barrier for Reverse Engineering(50:30) "Vibe Investigating": Assisting the SOC with AI(54:15) Caleb's Personal AI Agent for Document Organization Resources discussed during the call: NOVA- The Prompt Pattern Matching DEF CON 33 Talk - Where’s My Crypto, Dude? The Ultimate Guide to Crypto Money Laundering

Welcome to the 2025 State of AI Security. This year, the conversation has moved beyond simple prompt injection to a far more complex threat: attacking the entire ecosystem surrounding the LLM. In this deep-dive discussion, offensive security experts Jason Haddix (Arcanum Information Security) and Daniel Miessler (Unsupervised Learning) break down the real-world attack vectors they're seeing in the wild. The conversation explores why prompt injection remains an unsolved problem and how the LLM is now being used as a delivery system to attack internal developers and connected applications. We also tackle the critical challenge of incident response, questioning how you can detect or investigate a malicious prompt when privacy regulations in some regions prevent logging and observability. This episode is a must-listen for anyone looking to understand the true offensive and defensive landscape of AI security, from the DARPA Cyber Challenge to the race for AI to control the browser. Questions asked: (00:00) Introduction(02:22) Who are Jason Haddix & Daniel Miessler?(03:40) The State of AI Security in 2025(06:20) It's All About the "Scaffolding", Not Just the Model(08:30) Why Prompt Injection is a Fundamental, Unsolved Problem(10:45) "Attacking the Ecosystem": Using the LLM as a Delivery System(12:45) The New Enterprise Protocol: Prompts in English(15:10) The Incident Response Dilemma: How Do You Detect Malicious Prompts?(16:50) The Challenge of Logging: When Privacy Laws Block Observability(21:30) Has Data Poisoning Become a Major Threat?(27:20) How Far Can Autonomous AI Go in Hacking Today?(28:30) An Inside Look at the DARPA AI Cyber Challenge (AIxCC)(40:45) Are Attackers Actually Using AI in the Wild?(47:30) The Evolution of the "Script Kitty" in the Age of AI(51:00) Would AGI Solve Security? The Problem of Politics & Context(59:15) Context is King: Why Prompt Engineering is a Critical Skill(01:03:30) What are the Best LLMs for Security & Productivity?(01:05:40) The Next Frontier: Why AI is Racing to Own the Browser(01:20:20) Does Using AI to Write Content Erode Trust?

Is the current AI hype cycle different from the ones that failed before? How do you build a security program for technology that can't give the same answer twice? This episode features a deep-dive conversation with Damian Hasse, CISO of Moveworks and a security veteran from Amazon's Alexa team, VMware, and Microsoft. Damian provides a practical blueprint for securing both traditional Machine Learning (ML) and modern Generative AI (GenAI). We discuss the common pitfalls of newly formed AI Councils, where members may lack the necessary ML background to make informed decisions. He shares his framework for assessing AI risk by focusing on the specific use case, the data involved, and building a multi-layered defense against threats like prompt injection and data leakage. This is an essential guide for any security leader or practitioner tasked with navigating the complexities of AI security, from protecting intellectual property in AI-assisted coding to implementing safeguards for enterprise chatbots. Questions asked: (00:00) Introduction(02:31) Who is Damian Hasse? CISO at Moveworks(04:00) AI Security: The Difference Between the Pre-GPT and Post-GPT Eras(06:00) The Problem with New AI Councils Lacking ML Expertise(07:50) A History of AI: The Hype Cycles and Winters Since the 1950s(16:20) Is This AI Hype Cycle Different? The Power of Accessibility(20:25) Securing AI-Assisted Coding: IP Risks, Data Leakage, and Poisoned Models(23:30) The Threat of Indirect Prompt Injection in Open Source Packages(26:20) Are You Asking Your AI the Right Questions? The Power of "What Am I Missing?"(40:20) A CISO's Framework for Securing New AI Features(44:30) Building Practical Safeguards for Enterprise Chatbots(47:25) The Biggest Challenge in Real-Time AI Security: Performance(50:00) Why Access Control in AI is a Deterministic Problem Resources spoken about during the interview Tracing the thoughts of a large language model

Is generative AI a security team's greatest new weapon or its biggest new vulnerability? This episode dives headfirst into the debate with two leading experts on opposite sides of the AI dragon. We 1st published this episode on Cloud Security Podcast and because of the feedback we received from those diving into all things AI Security, we wanted to bring it to those who haven't probably had the chance to hear it yet on this podcast. On one side, discover how to leverage and "tame" AI for your defense. Jackie Bow explains how Anthropic uses its own powerful LLM, Claude, to revolutionize threat detection and response. Learn how AI can be used to: Build investigation and triage tools with incredible speed. Break free from the "black box" of traditional security tools, offering more visibility and control. Creatively "hallucinate" within set boundaries to uncover investigative paths a human might miss. Lower the barrier to entry for security professionals, enabling them to build prototypes and tools without deep coding expertise. On the other side, Kane Narraway provides a masterclass in threat modeling the new landscape of AI systems. He argues that while AI introduces new challenges, many are amplifications of existing SaaS risks. This conversation covers the critical aspects of securing AI, including: Why access, integrations, and authorization are the biggest risk factors in enterprise AI. How to approach threat modeling for both in-house and third-party AI tools. The security challenges of emerging standards like MCP (Meta-Controller Protocol) and the importance of securing the data AI tools can access. The critical need for security teams to adopt AI to keep pace with modern engineering departments. Questions asked: (00:00) Intro: Slaying or Training the AI Dragon at BSidesSF?(02:22) Meet Jackie Bow (Anthropic): Training AI for Security Defense(02:51) Meet Kane Narraway (Canva): Securing AI Systems & Facing Risks(03:49) Was Traditional Security Ops "Hot Garbage"? Setting the Scene(05:57) The Real Risks: What AI Brings to Your Organisation(06:53) AI in Action: Leveraging AI for Threat Detection & Response(07:46) AI Hallucinations: Bug, Feature, or Security Blind Spot?(08:55) Threat Modeling AI: The Core Challenges & Learnings(12:26) Getting Started: Practical AI Threat Detection First Steps(16:42) AI & Cloud: Integrating AI into Your Existing Environments(25:21) AI vs. Traditional: Is Threat Modeling Different Now?(28:34) Your First Step: Where to Begin with AI Threat Modeling?(31:59) Fun Questions & Final Thoughts on the Future of AI Security Resources BSidesSF 2025 - AI's Bitter Lesson for SOCs: Let Machines Be MachinesBSidesSF 2025 - One Search To Rule Them All: Threat Modelling AI Search 

What happens when your product, sales, and marketing teams can build and deploy their own applications in a matter of hours? This is the new reality of "Vibe Coding," and for CISOs, it represents both a massive opportunity for innovation and a significant governance challenge. In this episode, join Ashish Rajan and Caleb Sima as they move beyond the hype to provide a strategic playbook for security leaders navigating the world of AI-assisted development. Learn how Vibe Coding empowers non-engineers to solve business problems and how you can leverage it to rapidly prototype security solutions yourself. Get strategies to handle the inevitable influx of AI-generated applications from across the business without overwhelming your engineering and security teams. Understanding the Core OpportunityAssessing the Real-World OutputManaging the "Shadow Prototype" RiskBuilding Proactive GuardrailsArchitecting for Safety For more episodes like this go to www.aisecuritypodcast.com Questions asked: (00:00) Why Vibe Coding is a C-Suite Issue (02:34) The Strategic Advantage of Hands-On AI (04:20) Your AI Development Toolkit: Where to Start (12:08 Choosing Your First Project: A Framework for Success (16:46) The CISO as an AI Engineering Manager: A Step-by-Step Workflow (31:32) A Surprising Security Finding: AI and Least Privilege (36:47) Augmenting AI with Agents and Live Data (38:50) Beyond Code: AI Agents for Business Automation (Zapier, etc.) (43:30) The "Production Ready" Problem: Who Owns the Code? (53:25) A CISO's Playbook for Governing AI Development Resources spoken about during the episode: AI Native Landscape - Tools Cline Roo-Code Visual Studio Code Windsurf Bolt.new Aider v0 - Vercel Lovable Claude Code ChatGPT

In this episode, we welcome back Guy Podjarny, founder of Snyk and Tessl, to explore the evolution of AI-assisted coding. We dive deep into the three chapters of AI's impact on software development, from coding assistants to the rise of "vibe coding" and agentic development. Guy explains what "vibe coding" truly is, a term coined by Andrej Karpathy where developers delegate more control to AI, sometimes without even reviewing the code. We discuss how this opens the door for non-coders to create real applications but also introduces significant risks. Caleb, Ashish and Guy discuss: The Three Chapters of AI-Assisted Coding: The journey from simple code completion to full AI agent-driven development.Vibe Coding Explained: What is it, who is using it, and why it's best for "disposable apps" like prototypes or weekend projects.A New Security Threat - Slopsquatting: Discover how LLMs can invent fake library names that attackers can exploit, a risk potentially greater than typosquatting.The Future of Development: Why the focus is shifting from the code itself—which may become disposable—to the importance of detailed requirements and rigorous testing.The Developer as a Manager: How the role of an engineer is evolving into managing AI labor, defining specifications, and overseeing workflows Questions asked: (00:00) The Evolution of AI Coding Assistants(05:55) What is Vibe Coding?(08:45) The Dangers & Opportunities of Vibe Coding(11:50) From Vibe Coding to Enterprise-Ready AI Agents(16:25) Security Risk: What is "Slopsquatting"?(22:20) Are Old Security Problems Just Getting Bigger?(25:45) Cloud Sprawl vs. App Sprawl: The New Enterprise Challenge(33:50) The Future: Disposable Code, Permanent Requirements(40:20) Why AI Models Are Getting So Good at Understanding Your Codebase(44:50) The New Role of the AI-Native Developer: Spec & Workflow Manager(46:55) Final Thoughts & Favorite Coding Tools Resources spoken about during the episode: AI Native Dev Community Tessl Cursor Bolt BASE44 Vercel

Dive deep into the evolving landscape of AI in Cybersecurity with Phil Venables, former Chief Information Security Officer at Google Cloud and a cybersecurity veteran with over 30 years of experience. Recorded at RSA, this episode explores the critical shifts and future trends shaping our industry. Caleb, Ashish and Phil speak about The journey from predictive AI to the forefront of Agentic AI in enterprise environments.How organizations are transitioning AI from experimental prototypes to impactful production applications.The three essential pillars of AI control for CISOs: software lifecycle risk, data governance, and operational risk management.Current adversarial uses of AI and the surprising realities versus the hype.Leveraging AI to combat workforce skill shortages and boost productivity within security teams.The rise of "Vibe Coding" and how AI is transforming software development and security.The expanding role of the CISO towards becoming a Chief Digital Risk Officer.Practical advice for security teams on adopting AI for security operations automation and beyond. Questions asked: (00:00) - Intro: AI's Future in Cybersecurity with Phil Venables (00:55) - Meet Phil Venables: Ex-Google Cloud CISO & Cyber Veteran (02:59) - AI Security Now: Navigating Predictive, Generative & Agentic AI (04:44) - AI: Beyond the Hype? Real Enterprise Adoption & Value (05:49) - Top CISO Concerns: Securing AI in Production Environments (07:02) - AI Security for All: Advice for Smaller Organizations (Hint: Platforms!) (09:04) - CISOs' AI Worries: Data Leakage, Prompt Injection & Deepfakes? (12:53) - AI Maturity: Beyond Terminator Fears to Practical Guardrails (14:45) - Agentic AI in Action: Real-World Enterprise Deployments & Use Cases (15:56) - Securing Agentic AI: Building Guardrails & Control Planes (Early Days) (22:57) - Future-Proof Your Security Program for AI: Key Considerations (25:13) - LLM Strategy: Single vs. Multiple Models for AI Applications (28:26) - "Vibe Coding": How AI is Revolutionizing Software Development for Leaders (32:21) - Security Implications of AI-Generated Code & "Shift Downward" (37:22) - Frontier Models & Shared Responsibility: Who Secures What? (39:07) - AI Adoption Hotbeds: Which Security Teams Are Leading the Way? (SecOps First!) (40:20) - AI App Sprawl: Managing Risk in a World of Custom, AI-Generated Apps

Are you overlooking the most critical piece of real estate in your enterprise security strategy, especially with the rise of AI? With 90% or more of employee work happening inside a browser, it's becoming the new operating system and the primary entry point for AI agents. In this episode, Ashish and Caleb dive deep into the world of Enterprise Browsers. They explore why this often-underestimated technology is set to disrupt how AI agents operate and why it should be top-of-mind for every security leader. Join us as we cover: What are Enterprise Browsers? Understanding these Chromium-based, standalone browsers.Who are the Key Players? A look at companies like Island Security and Talon Security (now Palo Alto).Why Now? How browsers became the de facto OS and the prime spot for AI integration.The Power of Control: Exploring benefits like built-in DLP (Data Loss Prevention), Zero Trust capabilities, policy enforcement, and BYOD enablement.Beyond Security: How enterprise browsers can inject features and modify permissions without backend dev work.AI Agents in Action: How AI will leverage browsers for automation and the security challenges this presents.The Future Outlook: Predictions for AI-enabled browsers and the coming wave of browser-focused AI security startups.Whether you're skeptical or already exploring browser security, this conversation offers valuable insights into managing AI agents and securing your organization in an increasingly browser-centric, AI-driven world. Questions asked: (00:00) Intro: Why Enterprise Browsers are Crucial for AI Agents(01:50) Why Discuss Enterprise Browsers on an AI Cybersecurity Podcast?(02:20) The Browser is the New OS: 99% of Time Spent (03:00) AI Agents' Easiest Entry Point: The Browser (03:30) Example: How an AI Agent Automates Tasks via Browser (04:30) The Scope: Intranet, SaaS, and 60% of Employee Activity (06:50) OpenAI's Operator Demo & Browser Emulation (07:45) Overview: What are Enterprise Browsers? (Vendors & Purpose) (08:50) Key Players: Talon (Palo Alto) & Island Security (09:30) Benefit 1: Built-in DLP & Visibility (10:10) Benefit 2: Zero Trust Capabilities (10:40) Benefit 3: Policy, Compliance & Password Management (11:00) Use Case: BYOD & Contractors (Replacing Virtual Desktops?) (13:10) Why Not Firefox or Edge? The Power of Chromium (16:00) Budgeting Challenge: Why Browser Security is Often Overlooked (17:00) The Rise of AI Browser Plugins & Startups (19:30) The Hidden Risk: Existing Chrome Plugin Dangers (23:45) Why Did OpenAI Want to Buy Chrome? (25:00) Devil's Advocate: Can Enterprise Browsers Stop OWASP Top 10? (27:06) Example: AI Agent Ordering Flowers via Browser Extension (29:00) How AI Agents Gain Power via Browser Extensions (30:15) Prediction: What AI Browser Security Startups will look like at RSA 2026? (31:30) Skepticism: Will Enterprises Really Fund Browser Security? (SSPM Lessons) (34:00) The #1 Benefit You Don't Know: Injecting Features Without Code! (34:45) Example: Masking PII & Adding 2FA via Enterprise Browser (38:15) Monitoring AI Agents: Browser as a "Man-in-the-Middle" (40:00) The "AI Version of Chrome": A Future Consumer Product? (42:15) Personal vs. Professional: The Blurring Lines in Browser Use (44:15) Final Predictions & The Cybersecurity Gap (45:00) Final Thoughts & Wrap Up

As AI systems become more integrated into enterprise operations, understanding how to test their security effectively is paramount. In this episode, we're joined by Leonard Tang, Co-founder and CEO of Haize Labs, to explore how AI red teaming is changing. Leonard discusses the fundamental shifts in red teaming methodologies brought about by AI, common vulnerabilities he's observing in enterprise AI applications, and the emerging risks associated with multimodal AI (like voice and image processing systems). We delve into the intricacies of achieving precise output control for crafting sophisticated AI exploits, the challenges enterprises face in ensuring AI safety and reliability, and practical mitigation strategies they can implement. Leonard shares his perspective on the future of AI red teaming, including the critical skills cybersecurity professionals will need to develop, the potential for fingerprinting AI models, and the ongoing discussion around protocols like MCP. Questions asked: 00:00 Intro: AI Red Teaming's Evolution01:50 Leonard Tang: Haize Labs & AI Expertise05:06 AI vs. Traditional Red Teaming (Enterprise View)06:18 AI Quality Assurance: The Haize Labs Perspective08:50 AI Red Teaming: Real-World Application Examples10:43 Major AI Risk: Multimodal Vulnerabilities Explained11:50 AI Exploit Example: Voice Injections via Background Noise15:41 AI Vulnerabilities & Early XSS: A Cybersecurity Analogy20:10 Expert AI Hacking: Precisely Controlling AI Output for Exploits21:45 The AI Fingerprinting Challenge: Identifying Chained Models25:48 Fingerprinting LLMs: The Reality & Detection Difficulty29:50 Top Enterprise AI Security Concerns: Reputation & Policy34:08 Enterprise AI: Model Choices (Frontier Labs vs. Open Source)34:55 Future of LLMs: Specialized Models & "Hot Swap" AI37:43 MCP for AI: Enterprise Ready or Still Too Early?44:50 AI Security: Mitigation with Precise Input/Output Classifiers49:50 Future Skills for AI Red Teamers: Discrete Optimization Resources discussed during the episode: Baselines for Watermarking Large Language Models Haize Labs

Caleb and Ashish cut through the Agentic AI hype, expose real MCP (Multi-Cloud Platform) risks, and discuss the future of AI in cybersecurity. If you're trying to understand what really happened at RSA and what it means for the industry, you would want to hear this. In this episode, Caleb Sima and Ashish Rajan dissect the biggest themes from RSA, including: Agentic AI Unpacked: What is Agentic AI really, beyond the marketing buzz?MCP & A2A Deployment Dangers: MCPs are exploding, but how do you deploy them safely across an enterprise without slowing down business?AI & Identity/Access Management: The complexities AI introduces to identity, authenticity, and authorization.RSA Innovation Sandbox InsightsGetting Noticed at RSA: What marketing strategies actually work to capture attention from CISOs and executives at a massive conference like RSA?The Current State of AI Security Knowledge Questions asked: (00:00) Introduction (02:44) RSA's Big Theme: The Rise of Agentic AI (09:07) Defining Agentic AI: Beyond Basic Automation (12:56) AI Agents vs. API Calls: Clarifying the Confusion (17:54) AI Terms Explained: Inference vs. User Inference (21:18) MCP Deployment Dangers: Identifying Real Enterprise Risks (25:59) Managing MCP Risk: Practical Steps for CISOs (29:13) MCP Architecture: Understanding Server vs. Client Risks (32:18) AI's Impact on Browser Security: The New OS? (36:03) AI & Access Management: The Identity & Authorization Challenge (47:48) RSA Innovation Sandbox 2025: Top Startups & Winner Insights (51:40) Marketing That Cuts Through: How to REALLY Get Noticed at RSA

Dive deep into the world of AI agent communication with this episode. Join hosts Caleb Sima and Ashish Rajan as they break down the crucial protocols enabling AI agents to interact and perform tasks: Model Context Protocol (MCP) and Agent-to-Agent (A2A). Discover what MCP and A2A are, why they're essential for unlocking AI's potential beyond simple chatbots, and how they allow AI to gain "hands and feet" to interact with systems like your desktop, browsers, or enterprise tools like Jira. The hosts explore practical use cases, the underlying technical architecture involving clients and servers, and the significant security implications, including remote execution risks, authentication challenges, and the need for robust authorization and privilege management. The discussion also covers Google's entry with the A2A protocol, comparing and contrasting it with Anthropic's MCP, and debating whether they are complementary or competing standards. Learn about the potential "AI-ification" of services, the likely emergence of MCP firewalls, and predictions for the future of AI interaction, such as AI DNS. If you're working with AI, managing cybersecurity in the age of AI, or simply curious about how AI agents communicate and the associated security considerations, this episode provides critical insights and context. Questions asked: (00:00) Introduction: AI Agents & Communication Protocols (02:06) What is MCP (Model Context Protocol)? Defining AI Agent Communication (05:54) MCP & Agentic Workflows: Enabling AI Actions & Use Cases (09:14) Why MCP Matters: Use Cases & The Need for AI Integration (14:27) MCP Security Risks: Remote Execution, Authentication & Vulnerabilities (19:01) Google's A2A vs Anthropic's MCP: Protocol Comparison & Debate (31:37) Future-Proofing Security: MCP & A2A Impact on Security Roadmaps (38:00) - MCP vs A2A: Predicting the Dominant AI Protocol (44:36) - The Future of AI Communication: MCP Firewalls, AI DNS & Beyond (47:45) - Real-World MCP/A2A: Adoption Hurdles & Practical Examples

In this episode, we sit down with Joseph Thacker, a bug bounty hunter and AI security researcher, to uncover the evolving threat landscape of AI-powered applications and agents. Joseph shares battle-tested insights from real-world AI bug bounty programs, breaks down why AI AppSec is different from traditional AppSec, and reveals common vulnerabilities most companies miss, like markdown image exfiltration, XSS from LLM responses, and CSRF in chatbots. He also discusses the rise of AI-driven pentesting agents ("hack bots"), their current limitations, and how augmented human hackers will likely outperform them, at least for now. If you're wondering whether AI can really secure or attack itself, or how AI is quietly reshaping the bug bounty and AppSec landscape, this episode is a must-listen. Questions asked: (00:00) Introduction (02:14) A bit about Joseph (03:57) What is AI AppSec? (05:11) Components of AI AppSec (08:20) Bug Bounty for AI Systems (10:48) Common AI security issues (15:09) How will AI change pentesting? (20:23) How is the attacker landscape changing? (22:33) Where would autimation add the most value? (27:03) Is code being deployed less securely? (32:56) AI Red Teaming (39:21) MCP Security (42:13) Evolution of pentest with AI Resources shared during the interview: - How to Hack AI Agents and Applications - Critical Thinking Bug Bounty Podcast - The Rise of AI Hackbots - Shift - Caido Plugin - Shadow Repeater - Nuclei - Haize Labs - White Circle AI - Prompt Injection Primer for Engineers

Can you prove you’re actually human? In a world of AI deepfakes, synthetic identities, and evolving cybersecurity threats, digital identity is more critical than ever. With AI-generated voices, fake videos, and evolving fraud tactics, the way we authenticate ourselves online is rapidly changing. So, what’s the future of digital identity? And how can you protect yourself in this new era? In this episode, hosts Caleb Sima and Ashish Rajan is joined by Adrian Ludwig, CISO at Tools For Humanity (World ID project), former Chief Trust Officer at Atlassian, and ex-Google security lead for Android. Together, they explore: Why digital identity is fundamentally broken and needs a major rebootThe rise of AI-powered identity fraud and how it threatens securityHow World ID is using blockchain and biometrics to verify real humansThe debate: Should we trust governments, companies, or decentralized systems with our identity?The impact of GenAI & deepfakes on authentication and online trust Questions asked: (00:00) Introduction (03:55) Digital Identity in 2025 (14:13) How has AI impacted Identity? (29:33) Trust and Transparency with AI (32:18) Authentication and Identity (49:53) What can people do today? (52:05) Where can people learn about World Foundation? (53:49) Adoption of new identity protocols Resources spoken about during the episode: Tools for Humanity World.org

AI is evolving fast, and AI agents are the latest buzzword. But what exactly are they? Are they truly intelligent, or just automation in disguise? In this episode, Caleb Sima and Ashish Rajan spoke to Daniel Miessler—a cybersecurity veteran who is now deep into AI security research. 🎙️ In this episode, we cover: ✅ What AI agents really are (and what they’re NOT) ✅ How AI is shifting from searching to making decisions ✅ The biggest myths and misconceptions about AI automation ✅ Why most companies calling their tools “AI agents” are misleading you ✅ How AI agents will impact cybersecurity, business, and the future of work ✅ The security risks and opportunities no one is talking about Questions asked: (00:00) Introduction (03:50) What are AI Agents? (06:53) Use case for AI Agents (14:39) Can AI Agents be used for security today? (22:06) AI Agent’s impact on Attackers and Defenders in Cybersecurity (37:05) AI Agents and Non Human Identities (45:22) The big picture with AI Agents (48:28) Transparency and Ethics for AI Agents (58:36) Whats exciting about future of AI Agents? (01:08:00) Would there still be value for foundational knowledge

AI is revolutionizing many things, but how does it impact detection engineering and SOC teams? In this episode, we sit down withDylan Williams, a cybersecurity practitioner with nearly a decade of experience in blue team operations and detection engineering. We speak about how AI is reshaping threat detection and response, the future role of detection engineers in an AI-driven world, can AI reduce false positives and speed up investigations, the difference between automation vs. agentic AI in security and practical AI tools you can use right now in detection & response Questions asked: (00:00) Introduction (02:01) A bit about Dylan Williams (04:05) Keeping with up AI advancements (06:24) Detection with and without AI (08:11) Would AI reduce the number of false positives? (10:28) Does AI help identity what is a signal? (14:18) The maturity of the current detection landscape (17:01) Agentic AI vs Automation in Detection Engineering (19:35) How prompt engineering is evolving with newer models? (25:52) How AI is imapcting Detection Engineering today? (36:23) LLM Models become the detector (42:03) What will be the future of detection? (47:58) What can detection engineers practically do with AI today? (52:57) Favourite AI Tool and Final thoughts on Detection Engineering Resources spoken about during the episode: exa.ai - The search engine for AI Building effective agents (Athropic’s blog different architecture and design patterns for agents)-https://www.anthropic.com/research/building-effective-agents - Introducing Ambient Agents (LangChain’s blog on Ambient Agents) -https://blog.langchain.dev/introducing-ambient-agents/ - Jared Atkinson’s Blog on Capability Abstraction -https://posts.specterops.io/capability-abstraction-fbeaeeb26384 LangGraph Studio -https://studio.langchain.com/ n8n -https://n8n.io/ Flowise -https://flowiseai.com/ CrewAI -https://www.crewai.com/

Welcome to 2025! In this episode our hosts Ashish Rajan and Caleb Sima, tackle the pressing question: What should your AI cybersecurity game plan look like this year? The rapid evolution of agentic AI—where AI agents can perform tasks autonomously—is set to transform businesses, but it comes with unprecedented security challenges. From the resurgence of Identity and Access Management (IAM) to the urgent need for least privilege strategies, this episode captures actionable insights for CISOs and security leaders. What is agentic AI and how it may impact businesses? Top 3 priorities for building an effective AI security plan. The critical role of IAM and least privilege in managing AI agents. Real-world examples of how agentic AI will impact operations and security. Practical advice on incident response, monitoring, and preparing for AI-driven challenges. Questions asked: (00:00) Introduction (01:59) The current state of AI in Enterprise (10:22) Different Levels of Agentic AI (12:05) CISO AI Cybersecurity Game plan for 2025 (15:57) IAM’s fire comeback (23:11) Top 3 things for AI Cybersecurity Plan

In this episode, to kick of 2025, we dive deep into AI and cybersecurity predictions for 2025 exploring the opportunities, challenges, and trends shaping the future of the industry. Our hosts, Ashish Rajan and Caleb Sima sat down to discuss the evolution of SOC automation and its real-world impact on cybersecurity, the practical use cases for AI-enhanced security tools in organizations, why data security might be the real winner in 2025, the potential of agentic AI and its role in transforming security operations and predictions for AI-powered startups and their production-ready innovations in 2025. Questions asked: (00:00) Introduction (06:32) Current AI Innovation in Cybersecurity (21:57) AI Security Predictions for 2025 (25:02) Data Security and AI in 2025 (30:56) The rise of Agentic AI (35:40) Planning for AI Skills in the team (42:53) What to ditch from 2024? (48:00) AI Making Security Predictions for 2025

Host Caleb Sima and Ashish Rajan caught up with experts Daniel Miessler (Unsupervised Learning), Joseph Thacker (Principal AI Engineer, AppOmni) to talk about the true vulnerabilities of AI applications, how prompt injection is evolving, new attack vectors through images, audio, and video and predictions for AI-powered hacking and its implications for enterprise security. Whether you're a red teamer, a blue teamer, or simply curious about AI's impact on cybersecurity, this episode is packed with expert insights, practical advice, and future forecasts. Don’t miss out on understanding how attackers leverage AI to exploit vulnerabilities—and how defenders can stay ahead. Questions asked: (00:00) Introduction (02:11) A bit about Daniel Miessler (02:22) A bit about Rez0 (03:02) Intersection of Red Team and AI (07:06) Is red teaming AI different? (09:42) Humans or AI: Better at Prompt Injection? (13:32) What is a security vulnerability for a LLM? (14:55) Jailbreaking vs Prompt Injecting LLMs (24:17) Whats new for Red Teaming with AI? (25:58) Prompt injection in Multimodal Models (27:50) How Vulnerable are AI Models? (29:07) Is Prompt Injection the only real threat? (31:01) Predictions on how prompt injection will be stored or used (32:45) What’s changed in the Bug Bounty Toolkit? (35:35) How would internal red teams change? (36:53) What can enterprises do to protect themselves? (41:43) Where to start in this space? (47:53) What are our guests most excited about in AI? Resources Daniel's Webpage - Unsupervised Learning Joseph's Website

In this jam-packed episode, with our panel we explored the current state and future of AI in the cybersecurity landscape. Hosts Caleb Sima and Ashish Rajan were joined by industry leaders Jason Clinton (CISO, Anthropic), Kristy Hornland (Cybersecurity Director, KPMG) and Vijay Bolina (CISO, Google DeepMind) to dive into the critical questions surrounding AI security. We’re at an inflection point where AI isn’t just augmenting cybersecurity—it’s fundamentally changing the game. From large language models to the use of AI in automating code writing and SOC operations, this episode examines the most significant challenges and opportunities in AI-driven cybersecurity. The experts discuss everything from the risks of AI writing insecure code to the future of multimodal models communicating with each other, raising important questions about trust, safety, and risk management. For anyone building a cybersecurity program in 2024 and beyond, you will find this conversation valuable as our panelist offer key insights into setting up resilient AI strategies, managing third-party risks, and navigating the complexities of deploying AI securely. Whether you're looking to stay ahead of AI's integration into everyday enterprise operations or explore advanced models, this episode provides the expert guidance you need Questions asked: (00:00) Introduction (02:28) A bit about Kristy Hornland (02:50) A bit about Jason Clinton (03:08) A bit about Vijay Bolina (04:04) What are frontier/foundational models? (06:13) Open vs Closed Model (08:02) Securing Multimodal models and inputs (12:03) Business use cases for AI use (13:34) Blindspots with AI Security (27:19) What is RPA? (27:47) AI’s talking to other AI’s (32:31) Third Party Risk with AI (38:42) Enterprise view of risk with AI (40:30) CISOs want Visibility of AI Usage (45:58) Third Party Risk Management for AI (52:58) Starting point for AI in cybersecurity program (01:02:00) What the panelists have found amazing about AI

In this episode of the AI Cybersecurity Podcast, Caleb and Ashish sat down with Vijay Bolina, Chief Information Security Officer at Google DeepMind, to explore the evolving world of AI security. Vijay shared his unique perspective on the intersection of machine learning and cybersecurity, explaining how organizations like Google DeepMind are building robust, secure AI systems. We dive into critical topics such as AI native security, the privacy risks posed by foundation models, and the complex challenges of protecting sensitive user data in the era of generative AI. Vijay also sheds light on the importance of embedding trust and safety measures directly into AI models, and how enterprises can safeguard their AI systems. Questions asked: (00:00) Introduction (01:39) A bit about Vijay (03:32) DeepMind and Gemini (04:38) Training data for models (06:27) Who can build an AI Foundation Model? (08:14) What is AI Native Security? (12:09) Does the response time change for AI Security? (17:03) What should enterprise security teams be thinking about? (20:54) Shared fate with Cloud Service Providers for AI (25:53) Final Thoughts and Predictions

What were the key AI Cybersecurity trends at ⁠BlackHat USA⁠? In this episode of the AI Cybersecurity Podcast, hosts ⁠Ashish Rajan⁠ and ⁠Caleb Sima⁠ dive into the key insights from Black Hat 2024. From the AI Summit to the CISO Summit, they explore the most critical themes shaping the cybersecurity landscape, including deepfakes, AI in cybersecurity tools, and automation. The episode also features discussions on the rising concerns among CISOs regarding AI platforms and what these mean for security leaders. Questions asked: (00:00) Introduction (02:49) Black Hat, DEF CON and RSA Conference (07:18) Black Hat CISO Summit and CISO Concerns (11:14) Use Cases for AI in Cybersecurity (21:16) Are people tired of AI? (21:40) AI is mostly a side feature (25:06) LLM Firewalls and Access Management (28:16) The data security challenge in AI (29:28) The trend with Deepfakes (35:28) The trend of pentest automation (38:48) The role of an AI Security Engineer

In this episode of the AI Cybersecurity Podcast, we dive deep into the latest findings from Google's DeepMind report on the misuse of generative AI. Hosts Ashish and Caleb explore over 200 real-world cases of AI misuse across critical sectors like healthcare, education, and public services. They discuss how AI tools are being used to create deepfakes, fake content, and more, often with minimal technical expertise. They analyze these threats from a CISO's perspective but also include an intriguing comparison between human analysis and AI-generated insights using tools like ChatGPT and Anthropic's Claude. From the rise of AI-powered impersonation to the manipulation of public opinion, this episode uncovers the real dangers posed by generative AI in today’s world. Questions asked: (00:00) Introduction (03:39) Generative Multimodal Artificial Intelligence (09:16) Introduction to the report (17:07) Enterprise Compromise of GenAI systems (20:23) Gen AI Systems Compromise (27:11) Human vs Machine Resources spoken about during the episode: Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data

How much can we really trust AI-generated code more over Human generated Code today? How does AI-Generated code compare to Human generated code in 2024? Caleb and Ashish spoke to Guy Podjarny, Founder and CEO at Tessl about the evolving world of AI generated code, the current state and future trajectory of AI in software development. They discuss the reliability of AI-generated code compared to human-generated code, the potential security risks, and the necessary precautions organizations must take to safeguard their systems. Guy has also recently launched his own podcast with Simon Maple called The AI Native Dev, which you can check out if you are interested in hearing more about the AI Native development space. Questions asked: (00:00) Introduction (02:36) What is AI Generated Code? (03:45) Should we trust AI Generated Code? (14:34) The current usage of AI in Code Generated (18:27) Securing AI Generated Code (23:44) Reality of Security AI Generated Code Today (30:22) The evolution of Security Testing (37:36) Where to start with AI Security today? (50:18) Evolution of the broader cybersecurity industry with AI (54:03) The Positives of AI for Cybersecurity (01:00:48) The startup Landscape around AI (01:03:16) The future of AppSec (01:05:53) The future of security with AI

Which AI Security Framework is right for you? As AI is gaining momentum, we are starting to see quite a few frameworks appearing but the question is, which one should you start with and can AI help you decide! Caleb and Ashish tackle this challenge head-on, comparing three major AI security frameworks: Databricks, NIST, and OWASP Top 10. They break down the key components of each framework, discuss practical implementation strategies, and provide actionable insights for CISOs and security leaders. They may have had some help along the way. Questions asked: (00:00) Introduction (02:54) Databricks AI Security Framework (DASF) (06: 38) Top 3 things from DASF by Claude 3 (07:32) Top 3 things from DASF by ChatGPT (08:46) DASF Use Case Scenario (11:01) Thoughts on DASF (13:18) OWASP Top 10 for LLM Models (20:12) Google's Secure AI Framework (SAIF) (21:31) NIST AI Risk Management Framework (25:18) Claude 3 summarises NIST RMF for 5 year old (28:00) ChatGPT compares NIST RMF and NIST CSF (28:48) How do the frameworks compare? (36:46) Summary of all the frameworks Resources from this episode: Databricks AI Security Framework (DASF) OWASP Top 10 for LLM NIST AI Risk Management Framework Google Secure AI Framework

What is the current state and future potential of AI Security? This special episode was recorded LIVE at BSidesSF (thats why its a little noisy), as we were amongst all the exciting action. Clint Gibler, Caleb Sima and Ashish Rajan sat down to talk about practical uses of AI today, how AI will transform security operations, if AI can be trusted to manage permissions and the importance of understanding AI's limitations and strengths. Questions asked: (00:00) Introduction (02:24) A bit about Clint Gibler (03:10) What top of mind with AI Security? (04:13) tldr of Clint’s BSide SF Talk (08:33) AI Summarisation of Technical Content (09:47) Clint’s favourite part of the talk - Fuzzing (15:30) Questions Clint got about his talk (17:11) Human oversight and AI (25:04) Perfection getting in the way of good (30:15) AI on the engineering side (36:31) Predictions for AI Security Resources from this coversation: Caleb's Keynote at BSides SF Clint's Newsletter

Key AI Security takeaways from RSA Conference 2024, BSides SF 2024 and all the fringe activities that happen in SF during that week. Caleb and Ashish were speakers, panelists, participating in several events during that week and this episode captures all the highlights from all the conversations they had and they trends they saw during what they dubbed the "Cybersecurity Fringe Festival” in SF. Questions asked: (00:00) Introduction (02:53) Caleb’s Keynote at BSides SF (05:14) Clint Gibler’s Bsides SF Talk (06:28) What are BSides Conferences? (13:55) Cybersecurity Fringe Festival (17:47) RSAC 2024 was busy (19:05) AI Security at RSAC 2024 (23:03) RSAC Innovation Sandbox (27:41) CSA AI Summit (28:43) Interesting AI Talks at RSAC (30:35) AI conversations at RSAC (32:32) AI Native Security (33:02) Data Leakage in AI Security (30:35) Is AI Security all that different? (39:26) How to filter vendors selling AI Solutions?

How can AI change a Security Analyst's workflow? Ashish and Caleb caught up with Ely Kahn, VP of Product at SentinelOne, to discuss the revolutionary impact of generative AI on cybersecurity. Ely spoke about the challenges and solutions in integrating AI into cybersecurity operations, highlighting how can simplify complex processes and empowering junior to mid-tier analysts. Questions asked: (00:00) Introduction (03:27) A bit about Ely Kahn (04:29) Current State of AI in Cybersecurity (06:45) How AI could impact Cybersecurity User Workflow? (08:37) What are some of the concerns with such a model? (14:22) How does it compare to a analyst not using this model? (21:41) Whats stopping models for going into autopilot? (30:14) The reasoning for using multiple LLMs (34:24) ChatGPT vs Anthropic vs Mistral You can discover more about SentinelOne's Purple AI here!

How is AI transforming traditional approaches to offensive security, pentesting, security posture management, security assessment, and even code security? Caleb and Ashish spoke to Rob Ragan, Principal Technology Strategist at Bishop Fox about how AI is being implemented in the world of offensive security and what the right way is to threat model an LLM. Questions asked: (00:00) Introductions (02:12) A bit about Rob Ragan (03:33) AI in Security Assessment and Pentesting (09:15) How is AI impacting pentesting? (14:50 )Where to start with AI implementation in offensive Security? (18:19) AI and Static Code Analysis (21:57) Key components of LLM pentesting (24:37) Testing whats inside a functional model? (29:37) Whats the right way to threat model an LLM? (33:52) Current State of Security Frameworks for LLMs (43:04) Is AI changing how Red Teamers operate? (44:46) A bit about Claude 3 (52:23) Where can you connect with Rob Resources spoken about in this episode: https://www.pentestmuse.ai/ https://github.com/AbstractEngine/pentest-muse-cli https://docs.garak.ai/garak/ https://github.com/Azure/PyRIT https://bishopfox.github.io/llm-testing-findings/ https://www.microsoft.com/en-us/research/project/autogen/

What is the current reality for AI automation in Cybersecurity? Caleb and Ashish spoke to Edward Wu, founder and CEO of Dropzone AI about the current capabilities and limitations of AI technologies, particularly large language models (LLMs), in the cybersecurity domain. From the challenges of achieving true automation to the nuanced process of training AI systems for cyber defense, Edward, Caleb and Ashish shared their insights into the complexities of implementing AI and the importance of precision in AI prompt engineering, the critical role of reference data in AI performance, and how cybersecurity professionals can leverage AI to amplify their defense capabilities without expanding their teams. Questions asked: (00:00) Introduction (05:22) A bit about Edward Wu (08:31) What is a LLM? (11:36) Why have we not seen entreprise ready automation in cybersecurity? (14:37) Distilling the AI noise in the vendor landscape (18:02) Solving challenges with using AI in enterprise internally (21:35) How to deal with GenAI Hallucinations? (27:03) Protecting customer data from a RAG perspective (29:12) Protecting your own data from being used to train models (34:47) What skillset is required in team to build own cybersecurity LLMs? (38:50) Learn how to prompt engineer effectively

There is a complex interplay between innovation and security in the age of GenAI. As the digital landscape evolves at an unprecedented pace, Daniel, Caleb and Ashish share their insights on the challenges and opportunities that come with integrating AI into cybersecurity strategies Caleb challenges the current trajectory of safety mechanisms in technology and how overregulation may inhibit innovation and the advancement of AI's capabilities. Daniel Miessler, on the other hand, emphasizes the necessity of accepting technological inevitabilities and adapting to live in a world shaped by AI. Together, they explore the potential overreach in AI safety measures and discuss how companies can navigate the fine line between fostering innovation and ensuring security. Questions asked: (00:00) Introduction (03:19) Maintaining Balance of Innovation and Security (06:21) Uncensored LLM Models (09:32) Key Considerations for Internal LLM Models (12:23) Balance between Security and Innovation with GenAI (16:03) Enterprise risk with GenAI (25:53) How to address enterprise risk with GenAI? (28:12) Threat Modelling LLM Models

What does AI mean for Cybersecurity in 2024? Caleb and Ashish sat down with Daniel Miessler. This episode is a must listen for CISOs and cybersecurity practitioners exploring AI's potential and pitfalls. From the intricacies of Large Language Models (LLM) and API security to the nuances of data protection, Ashish, Caleb and Daniel unpack the most pressing threats and opportunities facing the cybersecurity landscape in 2024. Questions asked: (00:00) Introduction (06:06) A bit about Daniel Miessler (06:23) Current State of Artificial General Intelligence (13:57) What going to change in security with AI? (16:40) AI’s role in spear phishing (19:10) AI’s role in Recon (21:08) Where to start with AI Security? (26:48) AI focused cybersecurity startups (31:12) Security Challenges with self hosted LLMs (39:34) Are the models becoming too restrictive Resources spoken about during the episode: Unsupervised Learning

AI Security using LLM, AI Agents & more can be used to innovate cyber security practices. In this episode Ashish and Caleb sit down to chat about the nuances of creating custom AI agents, the implications of prompt engineering, and the innovative uses of AI in detecting and preventing security threats. From discussing the complexity of Data Loss Prevention (DLP) in today's world to debating the realistic timeline for the advent of Artificial General Intelligence (AGI). Questions asked: (00:26) The impact of GenAI on Workforce (04:11) Understanding Artificial General Intelligence (05:57) Using Custom Agents in OpenAI (09:37) Exploring Custom AI Agents: Definition and Uses (12:08) Security Concerns with Custom AI Agents (14:32) AI's Role in Data Protection (18:41) AI’s Role in API Security (20:56) Complexity of Data Protection with AI (25:42) Protecting Against Prompt Injections in AI Systems (27:53) Prompt Engineering and Penetration Testing (31:16) Risks of Prompt Engineering in AI Security (37:03) What's Hot in AI Security and Innovation?

How to efficiently secure, scale and deploy LLMs in an Enterprise? Kicking off 2024 with the final instalment of our AI Cybersecurity Primer. In this episode Caleb and Ashish talk about large language models (LLMs), their deployment in enterprise settings, and the nuances of their operation. They explore the challenges and opportunities in ensuring the security of these systems, emphasising the importance of cybersecurity measures in the evolving landscape of AI. Questions asked: (00:00) Introduction (02:23) Deployment of LLM System (07:13) Deployment in an Enterprise (12:01) Threats with LLMs (15:30) Protecting Data (18:17) LLMs and Compliance (19:51) LLM Control Plane (26:36) Whats hot in AI! (36:57) Vendor risk assessment If you found this episode valuable, you can catch Part-1 & Part 2 of the AI Primer Series here - If you have any questions about AI & it's security please drop that as a comment or reach out to us on [email protected] #aicybersecurity #largelanguagemodels #ai

You cant protect what you don't understand. We are continuing Part 2 of our AI Primer on the AI Cybersecurity Podcast to understand what role AI will play in the world of cybersecurity. In this episde, Caleb and Ashish are levelling up the playing field, talking all things LLMs (Large Language Models), GenAI and laying the foundations with AI primers for cybersecurity in the season 1 of AI CyberSecurity Podcast. Questions asked: (00:00) Introduction (02:34) Evolution of LLM and GenAI (09:20) How does LLM work? (17:15) Differentiating between LLMs (22:05) The cost of running LLMs (23:43) Deploying an LLM (26:10 Big Companies vs Startups (32:21) Whats hot in AI this week! If you found this episode valuable, listen to Part-1 of the AI Primer Series ! If you have any questions about AI & it's security please drop that as a comment or reach out to us on [email protected]

To understand what role AI will play in the world of cybersecurity, it important to understand the technology behind it. Caleb and Ashish are levelling up the playing field and laying the foundations with AI primers for cybersecurity in the season 1 of AI CyberSecurity Podcast. What was discussed: (00:00) Introduction (02:36) Learning about AI/ML (08:00) Acronyms of AI (10:49) AGI - Artificial General Intelligence (11:29) Three states of AGI (13:48) AI/ML in Security Products (17:03) Different kinds of learning (21:51) Whats hot in the AI Section!!

Ashish Rajan and Caleb Sima, who have been Cybersecurity practitioners and CISOs for over a decade, are combining forces to bring to you how CyberSecurity can be applied to AI without FUD. Each episode discuss a AI Theme and What's Hot in AI. You can expect the episodes on your favorite Podcast Player every two weeks. This is a Audio & Video podcast so you can find video of each episode on AI CyberSecurity Podcast YouTube Channel If you have any AI & CyberSecurity queries or topics you would like us to cover, please reach out to us on [email protected] You can also check out our sister podcast - Cloud Security Podcast for all your cloud and cloud native security topics.