Before The Commit
AI is writing your code. Who's watching the AI? Before The Commit explores AI coding security, emerging threats, and the trends reshaping software development. Hosts Danny Gershman and Dustin Hilgaertner break down threat models, prompt injection, shadow AI, and practical defenses — drawing from experience across defense, fintech, and enterprise environments. Companion to the book Before The Commit: Securing AI in the Age of Autonomous Code. No hype, just tactical insight for developers, security engineers, and leaders building in the AI era.
Episodes
**Tailwind Labs and AI's Impact on Business Models:**\The conversation begins by examining how AI is affecting established open-source projects like Tailwind Labs. Traditionally, companies monetize open-source by offering premium add-ons or services. However, AI, by enabling users to generate code and potentially create custom solutions internally, is seen as "cannibalizing" these revenue streams. This phenomenon is t...
This episode of "Before the Commit" (Episode 18, the last of 2025) features hosts Dustin and Sam discussing various AI topics. They begin by reflecting on their podcast journey over the past six months, noting its unexpected benefits in clarifying their own thoughts and keeping them updated with the rapidly evolving AI landscape. Sam likens this to an "Arnold Schwarzenegger effect," where consistent content crea...
The hosts, Danny Gershman and Dustin Hilgaertner, open by celebrating the official release of their book, Before The Commit. Dustin shares his excitement about receiving the physical proof, describing the book as a "playbook" for CISOs and engineering leaders. The book addresses the current binary state of the industry—companies either blocking AI entirely (causing "Shadow AI" leaks) or rushing in without securi...
Episode 16: Code Red at OpenAI, LLM Council, and the HashJack Exploit
Is OpenAI in crisis mode? This week Danny and Dustin dive into the reported "code red" at OpenAI following Google's Gemini 3 release, and the curious reversal just 24 hours later claiming everything is fine. The hosts break down what this means for the AI landscape as OpenAI finds itself squeezed between Google's consumer dominance and Anthropic&...
In this episode we cover, Autonomous Vehicles, sensors and AI. Claude Opus 4.5 cost drops, AI bubble concerns. KawaiiGPT and the risks associated with malicious model outputs. We close out with a brief chat about Time Warners parnership with Sano.
This episode focuses on Claude Code Sandboxing a security construct. They also talk about AI attacks with Claude Code that were orchestrated by a nation state actor. News topics on Gemini 3, Gemini AI Studio, AI transportation, and a novel idea with AI ads.
It looks like the previous summary was too long. Here is a summary of the podcast episode, limited to 4,000 characters.
The episode kicked off with the news of Amazon's largest-ever corporate layoffs , with reports citing 16,000 workers and potentially up to 30,000 employees affected across various units like video games, groceries, HR, and devices. This comes as Amazon is increasing its investments in AI , with a senior vice pr...
OpenAI's "Atlas" browser is seen as a strategic move to secure market share, with some calling it a "Chrome killer". By owning a piece of the web browser, OpenAI gains leverage in the search market, challenging Google. The browser's key feature is using the current web page as context for AI queries, effectively turning it into a "true super assistant". This represents a shift in the AI boom from the race for the best LLM performan...
The main focus is OpenAI's Agent Kit, dubbed a potential "N8N killer." Agent Kit includes Agent Builder, a drag-and-drop interface for creating agentic workflows, inspired by N8N but with enterprise features like guardrails (e.g., hallucination detection via vector stores, PII moderation, jailbreak prevention). It supports branching, human-in-the-loop approvals, and widgets for custom HTML/CSS templating (e.g., stylin...
Episode 10 of Before the Commit dives into three main themes: the AI investment bubble, Claude Code’s AI-powered security review tool, and AI security vulnerabilities like RAG-based attacks — closing with speculation about OpenAI’s Sora 2 video generator and the future of generative media.
Danny and Dustin open by comparing today’s AI investment surge to the 2008 mortgage and 2000 dot-com bubbles. Venture capitalists, they note, ove...
In episode nine, hosts explore open source AI models and introduce the "KILLM chain" segment on LLM vulnerabilities. Co-host Dustin mentions an upcoming move, prompting an early recording.
The discussion expands on last week's open source AI model talk, referencing Anthropic CEO Dario Amodei’s view that "open source model" is a misnomer. Unlike software’s editable source code, AI offers "open weights"—trained model parameters—but no...
In this episode, the hosts discuss the latest news and trends in AI, focusing on LLM caching, a new EU regulation on AI-generated code, the changing landscape for Stack Overflow, and a recent AI security vulnerability.
The hosts explain LLM caching as a technique to boost efficiency and cut costs for AI providers and developers. It involves saving parts of a prompt that are sent repeatedly, such as tool descriptions for a code agent...
Hosts Dustin Hillgartner and Danny Gershman discuss securing large language models (LLMs) amid rising "shadow AI" risks, where employees use unmonitored tools like ChatGPT, leading to unintentional data spills (e.g., sensitive info, code). Echoing shadow IT, they stress education, policies, and multi-layered defenses over bans, as prohibition drives underground use—studies show ~40% of workers admit to AI usage despite re...
This episode discussion AI coding topics, starting with MCP ("Model Context Protocol"), an open-source framework by Anthropic for reflective APIs. MCP enables LLMs to self-discover and use external capabilities dynamically, bypassing traditional API integration. It comprises four primitives:
- **Resources**: Read-only data access (e.g., databases, files) via path-like queries, ensuring security by limiting to retrieval. Example: Exp...
Before the Commit Episode 5 Summary
Hosts Dustin Hillgartner and co-host discuss Amazon's Kiro (pronounced "Kira Code" or "Cairo Code"), AWS history, AI coding security, and news on AI browsers and emotional distress.
AWS Origins and AI Impact: Amazon started as a 2000s bookstore; hosts recall buying used textbooks. To scale, it built data centers, launching AWS in 2006 with S3 (storage) and EC2 (compute). This revolutionized dev: by...
In this episode of Before the Commit, the hosts dive deep into the evolving landscape of software development, automation, and AI’s role in reshaping industries beyond tech. The discussion spans GitHub Actions with Cloud Code, the challenges of technical debt in an AI-driven era, the evolution of agile practices, and the disruptive effects of AI in creative fields like music and film.
The conversation opens with a focus on Cloud Cod...
In episode three of "Before the Commit," the hosts delve into a detailed comparison of AI coding assistants, the implications of the new GPT-5 model, the evolution of search optimization, and a plausible AI-related security threat.
The discussion opens with a deep dive into Claude Code, which one host now uses almost exclusively over Cursor. While Cursor is a polished IDE, Claude Code is a more powerful command-line interface (CLI) ...
🎧 Before the Commit – Episode 2
The Future of Coding Isn’t Coming — It’s Already Here.
In this episode, we dive into the cutting edge of agent-powered development with Cursor’s new background agents — are we on the verge of coding without ever opening an IDE? Can AI truly handle the dev work while you're at a baseball game?
We explore how top tools like Grok 4 and Claude are changing the game, discuss a wild experiment where an entir...
Kilo Code, Cloudflare Blocks, and Apple Intelligence Shifts
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by Audiochuck Media Company.
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!