The Security Table is four cybersecurity industry veterans from diverse backgrounds discussing how to build secure software and all the issues that arise!
In this episode, a debate about hacker movies turns into a deeper conversation about AI, security, and the human-in-the-loop illusion. We explore how approval fatigue and AI-generated code can create a false sense of security and why fundamentals still matter.
Are we improving security, or just automating bad decisions faster?
In this episode, we break down the “AI Vulnerability Storm” and what happens when AI can find—and exploit—vulnerabilities faster than humans can fix them.
We explore how compressed OODA loops are shifting the balance toward attackers, why traditional scoring like CVSS may start to break down, and whether “just patch faster” is even realistic anymore. The team also questions the push toward AI agents everywhere—and whether fighting A...
In this episode, we explore a simple but surprisingly deep question: what would application security look like if generative AI never existed? We break down how AppSec might still rely on deterministic, rule-based approaches, what we might gain in structure and rigor, and what we’d lose in speed, scale, and accessibility. Along the way, we debate whether AI is truly improving security or just accelerating existing problems, from “v...
We made it to 100 episodes, so naturally, we decided to look back and see how wrong we’ve been. In this episode, we revisit some of our past topics, predictions, and hot takes to figure out what still holds up and what didn’t quite land. From “we don’t know what we don’t know” to the evolution of security tools, we reflect on what’s changed, what hasn’t, and why some problems never seem to go away. Along the way, we compare where w...
In this episode, we dive into the messy reality of AI agents acting inside your systems and what that means for modern security. We explore the idea of agents as actors with real access—credentials, APIs, and permissions—and why this isn’t as new as it sounds (hint: it’s just applications all over again). We unpack where things actually get risky, from over-permissioned agents to unpredictable behavior driven by prompts, and why “i...
In this episode, we dive into the strange world of invisible Unicode attacks and what they could mean for modern software security. We explore how hidden characters can be used to conceal malicious code within packages, why this isn’t entirely a new problem, and whether current tools, such as linters and SAST, are equipped to detect it. We also question the role of LLMs in both enabling and detecting these attacks, and whether this...
In this episode, we discuss the implications of AI technologies like OpenClaw and Moltbot, exploring the potential threats and societal changes that may arise from their integration into daily life. We talk about the nature of AI communication, the concept of agentic AI, and the philosophical questions surrounding the future of human and machine interaction. Per usual, our conversation is laced with humor and skepticism about the ra...
Are cybersecurity technologies really dead, or are reports of their demise greatly exaggerated? Today’s episode is a discussion on how AI is reshaping the classic build vs. buy debate, empowering non-engineers to create working prototypes and potentially reviving the DIY coding culture of pre-open-source days. We also talk about how developers trained on open source are now leveraging AI built from that same foundation, raising que...
We’re predicting what 2026 has in store for AI and cybersecurity. We explore the wild possibilities of AI integration gone wrong, from people accidentally connecting their AI to sensitive file systems to blaming their AI agents for losing critical data. The conversation takes a thoughtful turn as we debate which jobs might fall to AI automation and whether the human touch is still irreplaceable. Examining real examples like the "...
We’re pulling back the curtain on the technology industry to reveal what life looks like when you're constantly aware of what can go wrong. From the loss of childlike wonder when encountering new tech to the ethical dilemmas posed by autonomous vehicles, we discuss the unique burden of seeing technology's darker possibilities. We’re examining how years of witnessing security breaches and system failures shape a profession...
What do roller coasters and threat modeling have in common? More than you'd think. In this episode, we explore how security professionals view risk differently than everyone else—and why that matters. From roller coaster anxiety to the ethics of identifying danger, we dive into the unique mindset that comes with being a threat modeler. Because once you learn to see threats everywhere, there's no going back.
Is the cybersecurity industry facing a security problem or a software quality problem? In this episode, we’re tackling the controversial claim that AI advancements could make security teams obsolete—and uncover the deeper issues plaguing software development. The conversation reveals an uncomfortable truth: software companies often transfer the risk of vulnerabilities to customers, creating a system where there's little incent...
We’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role of ethical considerations in cybers...
We’re debating the concepts of 'Shift Left' and 'Shift Down' in the world of cybersecurity. We explore the intricacies of developer responsibility, the impact of modern AI on code security, and the delicate balance between innovation and secure coding practices. Join us for a thought-provoking discussion that ranges from keeping our digital world secure, efficient and, most importantly, simple.
We’re diving into the relevance and execution of threat modeling within agile development environments. We dissect the claims, explore the true integration of agile practices with threat modeling, and address the misconceptions and challenges commonly faced. Check out the episode to find out if threat modeling is indeed slowing down agile processes or if it can be seamlessly integrated for better security outcomes.
We’re discussing the intriguing world of cyber privateers and the concept of 'hacking back' against cyber criminals. The discussion centers around a proposed bill in the U.S. Congress, H.R. 4988, that aims to authorize private individuals to pursue cyber criminals with the full backing of government-issued letters of marque. We explore the historical context of privateers, the potential legal and ethical implications, and...
Dr. Kim Wuyts and Avi Douglen join us in today's episode. Both guests are fresh from their training sessions at Black Hat and DEF CON in Las Vegas and share a quick overview of their experiences. We discuss a newly developed privacy awareness card game called 'Context and Cringe,' which aims to educate participants about privacy issues in a fun and interactive way. We also cover an upcoming training session at Global...
We’re discussing the article, “Agentic AI Threat Modeling Framework: Maestro,” published back in February of this year on the Cloud Security Alliance blog. We discuss the various layers, patterns, and threats outlined in the framework, comparing it to existing methodologies like STRIDE and PASTA, and evaluate Maestro's structure, its potential complexity for developers, and its overall practicality and usefulness in the threat m...
We’re talking about the rise of "vibe startups" - entrepreneurs hunting for problems to solve rather than building solutions from personal experience. We chat about AI security challenges, questioning whether these are truly new problems or just old security concepts repackaged for the AI era. From prompt injection and guardrails to the scary reality of AI agents acting as humans, we examine whether the industry's ob...
What are the core competencies that matter most for modern application security teams? Today we discuss understanding code and systems thinking and the crucial ability to assess risk in context - plus why your AppSec team might eventually get absorbed into engineering (and why it could be a good thing). We debate the role of developer mindset in security, the importance of technical depth over tool knowledge, and how to build teams...