In this episode, to kick of 2025, we dive deep into AI and cybersecurity predictions for 2025 exploring the opportunities, challenges, and trends shaping the future of the industry.

Our hosts, Ashish Rajan and Caleb Sima sat down to discuss the evolution of SOC automation and its real-world impact on cybersecurity, the practical use cases for AI-enhanced security tools in organizations, why data security might be the real winner in 2025, the potential of agentic AI and its role in transforming security operations and predictions for AI-powered startups and their production-ready innovations in 2025.

Questions asked:

(00:00) Introduction

(06:32) Current AI Innovation in Cybersecurity

(21:57) AI Security Predictions for 2025

(25:02) Data Security and AI in 2025

(30:56) The rise of Agentic AI

(35:40) Planning for AI Skills in the team

(42:53) What to ditch from 2024?

(48:00) AI Making Security Predictions for 2025

Host Caleb Sima and Ashish Rajan caught up with experts Daniel Miessler (Unsupervised Learning), Joseph Thacker (Principal AI Engineer, AppOmni) to talk about the true vulnerabilities of AI applications, how prompt injection is evolving, new attack vectors through images, audio, and video and predictions for AI-powered hacking and its implications for enterprise security.

Whether you're a red teamer, a blue teamer, or simply curious about AI's impact on cybersecurity, this episode is packed with expert insights, practical advice, and future forecasts. Don’t miss out on understanding how attackers leverage AI to exploit vulnerabilities—and how defenders can stay ahead.

Questions asked:

(00:00) Introduction

(02:11) A bit about Daniel Miessler

(02:22) A bit about Rez0

(03:02) Intersection of Red Team and AI

(07:06) Is red teaming AI different?

(09:42) Humans or AI: Better at Prompt Injection?

(13:32) What is a security vulnerability for a LLM?

(14:55) Jailbreaking vs Prompt Injecting LLMs

(24:17) Whats new for Red Teaming with AI?

(25:58) Prompt injection in Multimodal Models

(27:50) How Vulnerable are AI Models?

(29:07) Is Prompt Injection the only real threat?

(31:01) Predictions on how prompt injection will be stored or used

(32:45) What’s changed in the Bug Bounty Toolkit?

(35:35) How would internal red teams change?

(36:53) What can enterprises do to protect themselves?

(41:43) Where to start in this space?

(47:53) What are our guests most excited about in AI?

Resources

Daniel's Webpage - Unsupervised Learning

Joseph's Website

In this jam-packed episode, with our panel we explored the current state and future of AI in the cybersecurity landscape. Hosts Caleb Sima and Ashish Rajan were joined by industry leaders Jason Clinton (CISO, Anthropic), Kristy Hornland (Cybersecurity Director, KPMG) and Vijay Bolina (CISO, Google DeepMind) to dive into the critical questions surrounding AI security.

Questions asked:

(00:00) Introduction

(02:28) A bit about Kristy Hornland

(02:50) A bit about Jason Clinton

(03:08) A bit about Vijay Bolina

(04:04) What are frontier/foundational models?

(06:13) Open vs Closed Model

(08:02) Securing Multimodal models and inputs

(12:03) Business use cases for AI use

(13:34) Blindspots with AI Security

(27:19) What is RPA?

(27:47) AI’s talking to other AI’s

(32:31) Third Party Risk with AI

(38:42) Enterprise view of risk with AI

(40:30) CISOs want Visibility of AI Usage

(45:58) Third Party Risk Management for AI

(52:58) Starting point for AI in cybersecurity program

(01:02:00) What the panelists have found amazing about AI

In this episode of the AI Cybersecurity Podcast, Caleb and Ashish sat down with Vijay Bolina, Chief Information Security Officer at Google DeepMind, to explore the evolving world of AI security. Vijay shared his unique perspective on the intersection of machine learning and cybersecurity, explaining how organizations like Google DeepMind are building robust, secure AI systems.

We dive into critical topics such as AI native security, the privacy risks posed by foundation models, and the complex challenges of protecting sensitive user data in the era of generative AI. Vijay also sheds light on the importance of embedding trust and safety measures directly into AI models, and how enterprises can safeguard their AI systems.

Questions asked:

(00:00) Introduction

(01:39) A bit about Vijay

(03:32) DeepMind and Gemini

(04:38) Training data for models

(06:27) Who can build an AI Foundation Model?

(08:14) What is AI Native Security?

(12:09) Does the response time change for AI Security?

(17:03) What should enterprise security teams be thinking about?

(20:54) Shared fate with Cloud Service Providers for AI

(25:53) Final Thoughts and Predictions

What were the key AI Cybersecurity trends at ⁠BlackHat USA⁠? In this episode of the AI Cybersecurity Podcast, hosts ⁠Ashish Rajan⁠ and ⁠Caleb Sima⁠ dive into the key insights from Black Hat 2024. From the AI Summit to the CISO Summit, they explore the most critical themes shaping the cybersecurity landscape, including deepfakes, AI in cybersecurity tools, and automation. The episode also features discussions on the rising concerns among CISOs regarding AI platforms and what these mean for security leaders.

Questions asked:

(00:00) Introduction

(02:49) Black Hat, DEF CON and RSA Conference

(07:18) Black Hat CISO Summit and CISO Concerns

(11:14) Use Cases for AI in Cybersecurity

(21:16) Are people tired of AI?

(21:40) AI is mostly a side feature

(25:06) LLM Firewalls and Access Management

(28:16) The data security challenge in AI

(29:28) The trend with Deepfakes

(35:28) The trend of pentest automation

(38:48) The role of an AI Security Engineer

In this episode of the AI Cybersecurity Podcast, we dive deep into the latest findings from Google's DeepMind report on the misuse of generative AI. Hosts Ashish and Caleb explore over 200 real-world cases of AI misuse across critical sectors like healthcare, education, and public services. They discuss how AI tools are being used to create deepfakes, fake content, and more, often with minimal technical expertise. They analyze these threats from a CISO's perspective but also include an intriguing comparison between human analysis and AI-generated insights using tools like ChatGPT and Anthropic's Claude. From the rise of AI-powered impersonation to the manipulation of public opinion, this episode uncovers the real dangers posed by generative AI in today’s world.

Questions asked:

(00:00) Introduction

(03:39) Generative Multimodal Artificial Intelligence

(09:16) Introduction to the report

(17:07) Enterprise Compromise of GenAI systems

(20:23) Gen AI Systems Compromise

(27:11) Human vs Machine

Resources spoken about during the episode:

Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data

How much can we really trust AI-generated code more over Human generated Code today? How does AI-Generated code compare to Human generated code in 2024? Caleb and Ashish spoke to Guy Podjarny, Founder and CEO at Tessl about the evolving world of AI generated code, the current state and future trajectory of AI in software development. They discuss the reliability of AI-generated code compared to human-generated code, the potential security risks, and the necessary precautions organizations must take to safeguard their systems.

Guy has also recently launched his own podcast with Simon Maple called The AI Native Dev, which you can check out if you are interested in hearing more about the AI Native development space.

Questions asked:

(00:00) Introduction

(02:36) What is AI Generated Code?

(03:45) Should we trust AI Generated Code?

(14:34) The current usage of AI in Code Generated

(18:27) Securing AI Generated Code

(23:44) Reality of Security AI Generated Code Today

(30:22) The evolution of Security Testing

(37:36) Where to start with AI Security today?

(50:18) Evolution of the broader cybersecurity industry with AI

(54:03) The Positives of AI for Cybersecurity

(01:00:48) The startup Landscape around AI

(01:03:16) The future of AppSec

(01:05:53) The future of security with AI

Which AI Security Framework is right for you? As AI is gaining momentum, we are starting to see quite a few frameworks appearing but the question is, which one should you start with and can AI help you decide! Caleb and Ashish tackle this challenge head-on, comparing three major AI security frameworks: Databricks, NIST, and OWASP Top 10. They break down the key components of each framework, discuss practical implementation strategies, and provide actionable insights for CISOs and security leaders. They may have had some help along the way.

Questions asked:

(00:00) Introduction

(02:54) Databricks AI Security Framework (DASF)

(06: 38) Top 3 things from DASF by Claude 3

(07:32) Top 3 things from DASF by ChatGPT

(08:46) DASF Use Case Scenario

(11:01) Thoughts on DASF

(13:18) OWASP Top 10 for LLM Models

(20:12) Google's Secure AI Framework (SAIF)

(21:31) NIST AI Risk Management Framework

(25:18) Claude 3 summarises NIST RMF for 5 year old

(28:00) ChatGPT compares NIST RMF and NIST CSF

(28:48) How do the frameworks compare?

(36:46) Summary of all the frameworks

Resources from this episode:

Databricks AI Security Framework (DASF)

OWASP Top 10 for LLM

NIST AI Risk Management Framework

Google Secure AI Framework

What is the current state and future potential of AI Security? This special episode was recorded LIVE at BSidesSF (thats why its a little noisy), as we were amongst all the exciting action. Clint Gibler, Caleb Sima and Ashish Rajan sat down to talk about practical uses of AI today, how AI will transform security operations, if AI can be trusted to manage permissions and the importance of understanding AI's limitations and strengths.

Questions asked:

(00:00) Introduction

(02:24) A bit about Clint Gibler

(03:10) What top of mind with AI Security?

(04:13) tldr of Clint’s BSide SF Talk

(08:33) AI Summarisation of Technical Content

(09:47) Clint’s favourite part of the talk - Fuzzing

(15:30) Questions Clint got about his talk

(17:11) Human oversight and AI

(25:04) Perfection getting in the way of good

(30:15) AI on the engineering side

(36:31) Predictions for AI Security

Resources from this coversation:

Caleb's Keynote at BSides SF

Clint's Newsletter

Key AI Security takeaways from RSA Conference 2024, BSides SF 2024 and all the fringe activities that happen in SF during that week. Caleb and Ashish were speakers, panelists, participating in several events during that week and this episode captures all the highlights from all the conversations they had and they trends they saw during what they dubbed the "Cybersecurity Fringe Festival” in SF.

Questions asked:

(00:00) Introduction

(02:53) Caleb’s Keynote at BSides SF

(05:14) Clint Gibler’s Bsides SF Talk

(06:28) What are BSides Conferences?

(13:55) Cybersecurity Fringe Festival

(17:47) RSAC 2024 was busy

(19:05) AI Security at RSAC 2024

(23:03) RSAC Innovation Sandbox

(27:41) CSA AI Summit

(28:43) Interesting AI Talks at RSAC

(30:35) AI conversations at RSAC

(32:32) AI Native Security

(33:02) Data Leakage in AI Security

(30:35) Is AI Security all that different?

(39:26) How to filter vendors selling AI Solutions?