Player FM - Internet Radio Done Right
Checked 12d ago
Added four years ago
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
Podcasts Worth a Listen
SPONSORED
S
Squid Game: The Official Podcast


Squid Game is back—and this time, the knives are out. In the thrilling Season 3 premiere, Player 456 is spiraling and a brutal round of hide-and-seek forces players to kill or be killed. Hosts Phil Yu and Kiera Please break down Gi-hun’s descent into vengeance, Guard 011’s daring betrayal of the Game, and the shocking moment players are forced to choose between murdering their friends… or dying. Then, Carlos Juico and Gavin Ruta from the Jumpers Jump podcast join us to unpack their wild theories for the season. Plus, Phil and Kiera face off in a high-stakes round of “Hot Sweet Potato.” SPOILER ALERT! Make sure you watch Squid Game Season 3 Episode 1 before listening on. Play one last time. IG - @SquidGameNetflix X (f.k.a. Twitter) - @SquidGame Check out more from Phil Yu @angryasianman , Kiera Please @kieraplease and the Jumpers Jump podcast Listen to more from Netflix Podcasts . Squid Game: The Official Podcast is produced by Netflix and The Mash-Up Americans.…
Resilient Cyber w/ Jit - Agentic AI for AppSec is Here
Manage episode 475891700 series 2947250
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team.
We discussed Agentic AI for AppSec and how security teams use it to get real work done.
We covered a lot of key topics, including:
- What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers.
- The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement.
- How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems.
- Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation.
- The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry.
- Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.
170 episodes
Manage episode 475891700 series 2947250
Content provided by Chris Hughes. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chris Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team.
We discussed Agentic AI for AppSec and how security teams use it to get real work done.
We covered a lot of key topics, including:
- What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers.
- The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement.
- How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems.
- Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation.
- The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry.
- Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.
170 episodes
All episodes
×R
Resilient Cyber

1 Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering 35:53
35:53
Play Later
Play Later
Lists
Like
Liked35:53
In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance. We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era. We dove into: What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and Compliance What some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API’s, Automation and now AI Specific examples of GRC Engineering, including the use of automation, API’s and cloud-native services to streamline security control implementation, assessment and reporting The promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplier AJ’s new book “ GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering ”…
R
Resilient Cyber

1 Resilient Cyber w/ Patrick Duffy: Securing the Modern Workspace 19:32
19:32
Play Later
Play Later
Lists
Like
Liked19:32
In this episode of Resilient Cyber, we chat with Patrick Duffy, Product Manager at Material Security, on Securing the Modern Workspace. The conversation will include discussions about the increased adoption of cloud office suites, limitations of traditional security approaches, and a deep dive into how Material Security is tackling issues such as securing email and data, identity threat detection, and posture management. Stepping back a bit before we get too specific, we've seen major fundamental shifts in the way organizations work and operate today, including widespread adoption of Cloud Office Suites (e.g., Google Workspaces, Microsoft 365, etc.). How have these shifts changed the threat landscape, and what sort of issues are we seeing with traditional security practices when it comes to securing these environments? We know phishing and email attacks are common and critical to protect against, but what about challenges around visibility of accounts/activity, sensitive data, and secure configurations and posture? Getting more specific to Material, can you help us understand how you all approach this problem space from a platform and offering perspective? What are some key features and abilities Material Security customers utilize to secure their cloud office suite environments, and what threats do they help against? What are some key differentiators for Material compared to some of the other vendors working on this problem, or even how do you all differ from some of the native security capabilities of environments such as M365 or Google Workspace? This space continues to evolve, both in terms of the cloud workspace environments and their usage by organizations and the relevant threats. How is Material preparing for these changes, whether it's the widespread adoption of AI, increased complexity, and so on It's always great to hear some first-hand use cases and applications. Can you share some examples where Material Security has found success with specific customers and users of the solution? We've covered everything from the pitfalls and shortcomings of traditional security approaches to cloud office suites to where the market is headed. Where can folks learn more about Material, and what should we keep an eye out for next?…
R
Resilient Cyber

1 Resilient Cyber w/ Bob Ritchie - Securing Federal & Defense Digital Modernization 40:58
40:58
Play Later
Play Later
Lists
Like
Liked40:58
In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI. Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side. We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front. We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled. The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success? We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more. Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO. I’ve known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!…
R
Resilient Cyber

1 Resilient Cyber w/ Wade Baker - Data Driven Incident Impact Analysis 45:55
45:55
Play Later
Play Later
Lists
Like
Liked45:55
In this episode, I sit down with longtime industry researcher Wade Baker to dive into Cyentia's latest IRIS report . The report provides a data-driven look at incident trends, impacts, costs, and more. Are cyber incidents becoming more or less frequent? Are specific industries doing better than others? What does the average incident impact actually look like? Tune in to learn the answers, along with many other interesting insights! The report found that the number of security incidents continue to climb YoY, which isn’t a surprise, although there has been peaks and valleys throughout various periods, note the huge uptick in 2021~ Similar to recent reports such as DBIR and M-Trends, application exploitation (e.g., system intrusion) is climbing. In contrast, methods such as physical threat and others have declined due to increased cloud adoption, virtual infrastructure, and so on. One finding that may surprise some is that the proportion of incidents is going down for some organizations, particularly the largest enterprises, while it is going up for SMBs and smaller organizations. This ties to concepts such as the cybersecurity poverty line, which I have discussed in other articles, such as with Ross Haleliuk in our article “ Lifting the world out of cybersecurity poverty .” This is likely due to factors such as large enterprise organizations having robust security teams, larger budgets, being able to afford the latest security tooling and more, while SMB’s often fail to have many of these and deal with resource constraints in both dollars and expertise. We also see sectors which had historically low incidents now climbing, likely due to factors such as increased adoption of software and being digitally connected, as well as being a previously untapped sector for attackers…
R
Resilient Cyber

1 Resilient Cyber w Phil Venables Security Leadership: Vulnerabilities to VC 30:37
30:37
Play Later
Play Later
Lists
Like
Liked30:37
In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspective The double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community. Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow…
R
Resilient Cyber

1 Resilient Cyber w/ Vineeth Sai Narajala: Model Context Protocol (MCP) - Potential & Pitfalls 18:32
18:32
Play Later
Play Later
Lists
Like
Liked18:32
In this episode, I discuss the Model Context Protocol (MCP) with the OWASP GenAI Co-Lead for Agentic Application Security, Vineeth Sai Narajala. We will discuss MCP's potential and pitfalls, its role in the emerging Agentic AI ecosystem, and how security practitioners should consider secure MCP enablement. We discussed: MCP 101, what it is and why it matters The role of MCP as a double-edged sword, offering opportunities but additional risks and considerations from a security perspective Vineeth's work on the "Vulnerable MCP" project is a repository of MCP risks, vulnerabilities, and corresponding mitigations. How MCP is also offering tremendous opportunities on the security-enabling side, extending security capabilities into AI-native platforms such as Claude and Cursor, and security vendors releasing their own MCP servers Where we see MCP heading from a research and implementation perspective Additional Resources: Anthropic - Introducing the Model Context Protocol (MCP) Enhanced Tool Definition Interface (ETDI): A Security Fortification for the Model Context Protocol Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies Vulnerable MCP Project…
R
Resilient Cyber

1 Resilient Cyber w/ Jay Jacobs & Michael Roytman - VulnMgt Modernization & Localized Modeling 33:53
33:53
Play Later
Play Later
Lists
Like
Liked33:53
In this episode, I sit with long-time vulnerability management and data science experts Jay Jacobs and Michael Roytman , who recently co-founded Empirical Security . We dive into the state of vulnerability management, including: How it is difficult to quantify and evaluate the effectiveness of vulnerability prioritization and scoring schemes, such as CVSS, EPSS, KEV, and proprietary vendor prioritization frameworks, and what can be done better Systemic challenges include setbacks in the NIST National Vulnerability Database (NVD) program, the MITRE CVE funding fiasco, and the need for a more resilient vulnerability database and reporting ecosystem. Domain-specific considerations when it comes to vulnerability identifiers and vulnerability management, in areas such as AppSec, Cloud, and Configuration Management, and using data to make more effective decisions The overuse of the term “single pane of glass” and some alternatives Empirical’s innovative approach to “localized” models when it comes to vulnerability management, which takes unique organizational and environmental considerations into play, such as mitigating controls, threats, tooling, and more, and how they are experimenting with this new approach for the industry…
R
Resilient Cyber

1 Resilient Cyber: Ravid Circus - Tackling the Prioritization Crisis in Cyber 23:02
23:02
Play Later
Play Later
Lists
Like
Liked23:02
In this episode, we sit down with the Co-Founder and CPO of Seemplicity , Ravid Circus , to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management. We dove into a lot of great topics, including: The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity’s Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7 % of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - and organizations struggle with this, even with the context of what to prioritize. There’s a lot of excitement around AI in Cyber, including in GRC, SecOps, and, of course, AppSec and vulnerability management. How do you discern between what is hype and what can provide real outcomes? What practical steps can teams take to bridge the gap between AI’s ability to find problems and security teams’ ability to fix them? One of the major issues is determining who is responsible for fixing findings in the space of Remediation Operations, where Seemplicity specializes. Ravid talks about how, both technically and culturally, Seemplicity addresses this challenge of finding the fixer. What lies ahead for Seemplicity this year with RSA and beyond…
R
Resilient Cyber

1 Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords 26:44
26:44
Play Later
Play Later
Lists
Like
Liked26:44
In this episode, we sit down with Varun Badhwar , Founder and CEO of Endor Labs , to discuss the state of AI for AppSec and move beyond the buzzwords. We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale. Varun and I dove into a lot of great topics, such as: The rise of GenAI and LLMs and their broad implications on Cybersecurity The dominant use case of AI-driven development with Copilots and LLM written code, leading to a Developer productivity boost. AppSec has struggled to keep up historically, with vulnerability backlogs getting out of control. What will the future look like now? Studies show that AI-driven development and Copilots don’t inherently produce secure code, and frontier models are primarily trained on open source software, which has vulnerabilities and other risks. What are the implications of this for AppSec? How can AppSec and Cyber leverage AI and agentic workflows to address systemic security challenges? Developers and attackers are both early adopters of this technology. Navigating vulnerability prioritization, dealing with insecure design decisions and addressing factors such as transitive dependencies. The importance of integrating with developer workflows, reducing cognitive disruption and avoiding imposing a “Developer Tax” with legacy processes and tooling from security.…
R
Resilient Cyber

1 Resilient Cyber w/ Jit - Agentic AI for AppSec is Here 28:03
28:03
Play Later
Play Later
Lists
Like
Liked28:03
In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team. We discussed Agentic AI for AppSec and how security teams use it to get real work done. We covered a lot of key topics, including: What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers. The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement. How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems. Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation. The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry. Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.…
R
Resilient Cyber

1 Resilient Cyber w/ Piyush Sharrma - AI-Powered Defense & Security Mesh 29:10
29:10
Play Later
Play Later
Lists
Like
Liked29:10
In this episode, we sit down with Piyush Sharrma, CEO and co-founder of the Tuskira team. They're an AI-powered defense optimization platform innovating around leveraging an Agentic Security Mesh. We will dive into topics such as Platform vs. Point Solutions, Security Tool Sprawl, Alert Fatigue, and how AI can create "intelligent" layers to unify and enhance security tooling ROI. We discussed: What drove Piyush to jump back into the startup space after successfully exiting from a previous startup he helped found The industry debate around Platform vs. Point Solutions or Best-of-Breed and the perspectives between industry industry leaders and innovative startups Dealing with the challenge of alert fatigue security and development teams and the role of AI in reducing cognitive overload and providing insight into organizational risks across tools, tech stacks, and architectures The role of AI in providing intelligence layers or an Agentic Security Mesh across existing security tools and defenses and mitigating organizational risks beyond isolated vulnerability scans by looking at compensating controls, configurations, and more. Shifting security from a reactionary model around incident response and exploitation to a preemptive risk defense model that minimizes attack surface and optimizes existing security investments and architectures…
R
Resilient Cyber

1 Resilient Cyber w/ Elad Schulman - Secure Enterprise LLM/GenAI Adoption 32:33
32:33
Play Later
Play Later
Lists
Like
Liked32:33
We sit with Lasso Security CEO and Co-Founder Elad Schulman in this episode. Lasso focuses on secure enterprise LLM/GenAI adoption, from LLM Applications, GenAI Chatbots, Code Protection, Model Red Teaming, and more. Check them out at https://lasso.security We dove into a lot of great topics, such as: Dealing with challenges around visibility and governance of AI, much like previous technological waves such as mobile, Cloud, and SaaS Unique security considerations for different paths of using and building with AI, such as self-hosted models and consuming models as-a-service from SaaS LLM providers Potential vulnerabilities and threats associated with AI-driven development products such as Copilots and Coding assistants Software Supply Chain Security (SSCS) risks such as package hallucinations, and both safeguarding the data that goes out to external coding tools, as well as secure consumption of the data coming into the organization Securing AI itself and dealing with risks and threats such as model poisoning and implementing model red teaming Lasso discovered several critical concerns in their AI security research, such as Microsoft’s Copilot exposing thousands of private GitHub repos…
R
Resilient Cyber

1 Resilient Cyber w/ Sergej Epp - Cloud-native Runtime Security & Usage 32:13
32:13
Play Later
Play Later
Lists
Like
Liked32:13
In this episode, we sit with security leader and venture investor Sergej Epp to discuss the Cloud-native Security Landscape. Sergej currently serves as the Global CISO and Executive at Cloud Security leader Sysdig and is a Venture Partner at Picus Capital. We will dive into some insights from Sysdig's recent " 2025 Cloud-native Security and Usage Report ." Big shout out to our episode sponsor, Yubico ! Passwords aren’t enough. Cyber threats are evolving, and attackers bypass weak authentication every day. YubiKeys provides phishing-resistant security for individuals and businesses—fast, frictionless, and passwordless. Upgrade your security: https://yubico.com Sergj and I dove into a lot of great topics related to Cloud-native Security, including: Some of the key trends in the latest Sysdig 2025 Cloud-native Security Report and trends that have stayed consistent YoY. Sergj points out that while attackers have stayed consistent, organizations have and continue to make improvements to their security Sergj elaborated on his current role as Sysdig’s internal CISO and his prior role as a field CISO and the differences between the two roles in terms of how you interact with your organization, customers, and the community. We unpacked the need for automated Incident Response, touching on how modern cloud-native attacks can happen in as little as 10 minutes and how organizations can and do struggle without sufficient visibility and the ability to automate their incident response. The report points out that machine identities, or Non-Human Identities (NHI), are 7.5 times riskier than human identities and that there are 40,000 times more of them to manage. This is a massive problem and gap for the industry, and Sergj and I walked through why this is a challenge and its potential risks. Vulnerability prioritization continues to be crucial, with the latest Sysdig report showing that just 6% of vulnerabilities are “in-use”, or reachable. Still, container bloat has ballooned, quintupling in the last year alone. This presents real problems as organizations continue to expand their attack surface with expanded open-source usage but struggle to determine what vulnerabilities truly present risks and need to be addressed. We covered the challenges with compliance, as organizations wrestle with multiple disparate compliance frameworks, and how compliance can drive better security but also can have inverse impacts when written poorly or not keeping pace with technologies and threats. We rounded out the conversation with discussing AI/ML packages and the fact they have grown by 500% when it comes to usage, but organizations have decreased public exposure of AI/ML workloads by 38% since the year prior, showing some improvements are being made to safeguarding AI workloads from risks as well.…
R
Resilient Cyber

1 Resilient Cyber w/ Lior Div & Nate Burke - Agentic AI & the Future of Cyber 36:25
36:25
Play Later
Play Later
Lists
Like
Liked36:25
In this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI . Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation. We discussed: The rise of AI and Agentic AI and its implications for cybersecurity. Why the 7AI team chose to focus on SecOps in particular and the importance of tackling toil work to reduce cognitive overload, address workforce challenges, and improve security outcomes. The importance of distinguishing between Human and Non-Human work, and why the idea of eliminating analysts is the wrong approach. Being reactive and leveraging Agentic AI for threat hunting and proactive security activities. The unique culture that comes from having the 7AI team in-person on-site together, allowing them to go from idea to production in a single day while responding quickly to design partners and customer requests. Challenges of building with Agentic AI and how the space is quickly evolving and growing. Key perspectives from Nate as a CMO regarding messaging around AI and getting security to be an early adopter rather than a laggard when it comes to this emerging technology. Insights from Lior on building 7AI compared to his previous role, founding Cybereason, which went on to become an industry giant and leader in the EDR space.…
R
Resilient Cyber

1 Resilient Cyber w/ Chenxi Wang - The Intersection of AI & Cybersecurity 36:25
36:25
Play Later
Play Later
Lists
Like
Liked36:25
In this episode, we sit down with Investor, Advisor, Board Member, and Cybersecurity Leader Chenxi Wang to discuss the interaction of AI and Cybersecurity, what Agentic AI means for Services-as-a-Software, as well as security in the boardroom Chenxi and I covered a lot of ground, including: When we discuss AI for Cybersecurity, it is usually divided into two categories: AI for Cybersecurity and Securing AI. Chenxi and I walk through the potential for each and which one she finds more interesting at the moment. Chenxi believes LLMs are fundamentally changing the nature of software development, and the industry's current state seems to support that. We discussed what this means for Developers and the cybersecurity implications when LLMs and Copilots create the majority of code and applications. LLMs and GenAI are currently being applied to various cybersecurity areas, such as SecOps, GRC, and AppSec. Chenxi and I unpack which areas AI may have the greatest impact on and the areas we see the most investment and innovation in currently. As mentioned above, there is also the need to secure AI itself, which introduces new attack vectors, such as supply chain attacks, model poisoning, prompt injection, and more. We cover how organizations are currently dealing with these new attack vectors and the potential risks. The biggest buzz of 2025 (and beyond) is Agentic AI or AI Agents, and their potential to disrupt traditional services work represents an outsized portion of cybersecurity spending and revenue. Chenxi envisions a future where Agentic AI and Services-as-a-Software may change what cyber services look like and how cyber activities are conducted within an organization. If you aren’t already following Chenxi Wang on LinkedIn, I strongly recommend you do. I have a lot of connections, but she is someone when I see a post, I am sure to stop and read because she shares a TON of great insights from the boardroom, investment, cyber, startups, AI, and more. I’m thankful to have her on the show to come chat!…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.