Episode Summary

In this episode, Conor and Stuart break down the risks of new tech like OpenAI's Atlas browser, the F5 source code breach, AWS outages, and deepfakes, showing you why resilience and clear risk management matter more than ever. You'll get practical advice on handling third- and fourth-party risk, understanding the real cost of outages, and preparing your business for today's cybersecurity threats.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

Episode Chapters

00:00 Banter

01:19 OpenAI's Atlas Browser

04:34 The Implications of F5 Source Code Theft

10:53 AWS Outage and Business Resilience

18:04 The Real Cost of Service Outages

23:42 The FTC's Stance on AI Marketing and Truthfulness

30:08 The Rise of Deepfakes and Their Implications

43:45 Actionable Insights for Business Leaders

45:16 Intro Long

Referenced Links & Resources

• OpenAI Atlas Browser
• Brave Research on Perplexity's Comet Browser
• Google Mandiant M-Trends Report
• FTC Operation AI Comply
• Ironscales Deepfake Report
• Darktrace
• Sam Altman/AP Voiceprint Authentication Quote

Call to Action

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify.

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Episode Summary

In this episode, Richard Bird, Chief Information Security Officer at Singular AI, explains why the rush to adopt AI is creating new security risks and why getting the basics right is more important than ever. If you want to understand how AI is changing security and what you need to do about it, this conversation is essential.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

Guest Bio

Richard Bird is the Chief Information Security Officer at Singular AI and an industry veteran with over 30 years of experience. He has held key roles at JP Morgan, Chase, Ping Identity, and Traceable, and recently launched the podcast Yippee-ki-ai, focused on operationalizing AI in the real world. Connect with Richard on LinkedIn to follow his latest work and insights.

Episode Timestamps

00:00 The AI Adoption Crisis and API Security

11:41 Corporate Showmanship and the Reality of Layoffs

15:11 The Role of the Chief AI Officer: A Critical Examination

20:11 AI's Impact on Security Dynamics

26:10 The Dangers of AI in Security

30:50 Economic Sustainability of AI Technologies

41:40 AI Ethics: Real-World Implications

45:58 The Future of AI: Optimism and Caution

48:03 The Evolution of Security Landscape: AI's Role

52:08 Intro Long - Final.mp4

Referenced Thought Leaders & Articles

• Ray Dalio (referenced for modeling rise and fall of empires)
• Chase Cunningham (Dr. Zero Trust, referenced as a thought leader)
• David Friedman article on AI economics (referenced for economic analysis of AI)

Subscribe & Follow

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify.

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Episode Summary

Walter Haydock shares practical strategies for navigating the complex landscape of AI governance, risk management, and compliance, especially in regulated sectors.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

Guest Bio

Walter Haydock is the Founder and CEO of StackAware, where he helps organizations operationalize AI governance through frameworks like ISO/IEC 42001 and the NIST AI RMF.

→ Connect with Walter on LinkedIn
→ Subscribe to his newsletter, Deploy Securely

Referenced Laws, Frameworks, and Papers

• California Transparency and Frontier Artificial Intelligence Act
• California AB 2013
• SB53 California
• California Consumer Privacy Act (CCPA)
• New York City Local Law 144
• ISO/IEC 42001
• Colorado Artificial Intelligence Act
• Unified Control Framework

Call to Action

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify.

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Episode Summary

In this episode, Jake Bernardes, CISO at Anecdotes, joins to break down the risks and opportunities of OpenAI's AgentKit, vendor lock-in, and the real impact of AI on enterprise security and jobs.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

Guest Details

Jake Bernardes is the Chief Information Security Officer at Anecdotes, a top GRC platform.

• LinkedIn: https://www.linkedin.com/in/jakeleobernardes/

Referenced Links & Research

• OpenAI: Introducing AgentKit+
• Axios: The jobs crisis is bigger than AI
• TechRadar: AI might not actually be killing off jobs like we thought
• Yale Budget Lab: Evaluating the Impact of AI on the Labor Market
• Challenger Gray: September Job Cuts Fall 37% from August
• LockedInAI: 2025 AI Trends in US Job Markets
• Sysdig: Shai Hulud: The Novel Self-Replicating Worm Infecting Hundreds of NPM Packages

Call to Action

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify.

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Episode Summary

In this episode, AI architect and security researcher Disesdi Susanna Cox explains the vast and complex attack surface of AI systems, highlighting the need for new security approaches like purple teaming and MLSecOps. Her insights help security leaders understand the unique risks and ethical challenges of AI, making this a must-listen for anyone responsible for securing modern AI-driven organizations.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

About the Guest

Disesdi Susanna Cox is an AI architect, patent holder, and consulting security researcher recognized for her work with the OWASP AI Exchange. Her frameworks and research have been adopted globally to help organizations understand and address the evolving security landscape in AI. Connect with Susanna to follow her latest insights and contributions:

LinkedIn: https://www.linkedin.com/in/disesdi/

Newsletter: https://disesdi.substack.com/

OWASP AI Exchange: https://owasp.org/www-project-ai-exchange/

Episode Breakdown

00:00 Navigating the AI Security Landscape

03:30 Understanding Adversarial Attacks in AI

06:06 The Importance of Purple Teaming in AI Security

08:49 Establishing MLSecOps for AI Systems

11:40 The Role of Chief AI Security Officer

13:03 Ethics and Risks of AI in Decision Making

26:07 The Future of Red Teaming in AI Security

35:33 Intro Long - Final.mp4

Referenced Resources

• OWASP AI Exchange
• Disesdi Substack: The Adversarial Subspace Problem
• DO-178C (Guidance for Aerospace Software)

Subscribe & Share

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify.

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Overview

Today's episode features Keith Hoodlet from Trail of Bits. We discuss how AI is rapidly accelerating both cyber threats and defenses, shrinking the time to exploit vulnerabilities and reshaping cybersecurity job requirements.

Sponsors

Thank you to our sponsors who make this show possible.

→ Hampton North. Hampton North is the premium US based cybersecurity search firm.

→ Sysdig. Secure the cloud
the right way with agentic AI.

Guest Bio

That was Keith Hoodlet, Engineering Director at Trail of Bits, former Code Security Architect at GitHub, and winner of the DoD’s inaugural AI Bias Bounty.

• LinkedIn — Keith Hoodlet
• Website — Trail of Bits
• Newsletter — Secure.Dev

Referenced Links & Resources

• CVE Genie
• Hexstrike
• Buttercup
• Trail of Bits: MCP Security Layer
• Google/Mandiant Threat Intelligence
• The Skill Code by Matt Bean
• Harvard Business Review: AI-Generated Workslop

Subscribe & Follow

If you found this episode useful, please share it and subscribe!

→ Apple Podcasts

→ Spotify

→ YouTube

→ Website

Follow You Hosts:

→ Conor Sherman: LinkedIn

→ Stuart Mitchell: LinkedIn

Quick Take (TL;DR)

AI is rapidly transforming cybersecurity, from automating penetration testing to reshaping how security teams and developers work. This episode examines the practical implications, risks, and future prospects of AI in security, offering actionable insights for leaders and practitioners.

Guest Spotlight

Clint Gibler is Head of Security Research at Semgrep, creator of the TLDRsec newsletter, and host of the Modern Security Podcast.

Connect:

• LinkedIn — Clint Gibler
• Newsletter — TLDRsec
• Podcast — Modern Security Podcast

Key Topics & Timestamps

00:00 AI's Impact on Penetration Testing

03:19 The Future of Junior Pen Testers

05:42 Working with AI: A New Paradigm

10:31 Trusting AI Outputs

12:31 Shifting Down: A New Security Approach

15:20 Making Security Invisible for Developers

16:44 The Role of AI in Security and Development

19:04 Integrating Security into Vibe Coding

21:21 Human in the Loop: Balancing Automation and Oversight

23:04 Model Dependency and Cost Considerations

25:27 Emerging Security Risks in AI Infrastructure

29:41 Understanding Prompt Injection Challenges

31:05 Innovative Solutions in AI Security

32:28 Risks of Model Integration and Code Execution

34:14 Navigating AI Model Adoption in Organizations

34:42 The Future of AI in Security

38:52 Career Pathways in Cybersecurity

Resources & References

• TLDRsec — Security newsletter by Clint Gibler
• Modern Security Podcast — Hosted by Clint Gibler
• Semgrep — Code analysis tool
• OWASP Top 10 — Common web security risks
• Google Project Zero — Security research team
• DeepMind Camel Framework — AI agent separation
• Socket — Supply chain security tool
• Hugging Face — Model repository
• Trail of Bits — Security research and tools
• Building Secure and Reliable Systems — Google book on security
• GitHubComplianceAsCode/content — Automating compliance

Quick Take (TL;DR)

This episode explores the evolving risks and opportunities at the intersection of AI, security, and leadership, featuring insights from instant response veteran Jason Rebholz. The conversation highlights why AI safety and agentic systems matter for CISOs and security teams today.

Key Topics & Timestamps

• (00:00) Banter
• (03:39) Guest Introduction
• (04:29) DeepMind’s Frontier Safety Framework
• (06:11) Manipulative AI & Enterprise Risk
• (07:53) Frontier vs. Enterprise Risk
• (11:24) Early Signs & Real-World Impact
• (14:25) Safety vs. Security
• (16:16) Implementation Context
• (18:06) Expel Talent Index
• (22:08) What Makes a Great Security Pro?
• (29:05) Good CISO, Bad CISO
• (36:43) Memo to File
• (38:03) Securing AI Agents
• (44:49) Actionable Advice

Guest Spotlight

Jason Rebholz is the co-founder of Evoke Security and former CISO at Corvus Insurance. He previously led incident response at Mandiant, handling nation-state threats and major breaches. Jason is a leading voice on AI security, agentic systems, and practical risk management.
Connect:
- LinkedIn
- Website
- Newsletter

Resources & References

Books

• Good CISO, Bad CISO by Phil Venables

Articles / Studies

• DeepMind Frontier Safety Framework
• Expel 2025 Talent Index
• RAND Security Objectives
• Weekend Byte Newsletter

Tools / Frameworks

• RAND Security Objectives

Subscribe: Apple Podcasts | Spotify | YouTube | Website

Quick Take (TL;DR)

This episode examines how AI is transforming the cybersecurity landscape, with Sandy Dunn discussing why security leaders must reassess risk, trust, and business alignment in the era of agentic AI. Essential listening for anyone navigating the intersection of AI, security, and executive decision-making.

Guest Spotlight

Sandy Dunn is the Chief Information Security Officer (CISO) at SPLX, where she leads AI-driven security strategy and advises executive teams on risk and defense alignment. A 20-year cybersecurity veteran, Sandy is the creator and project leader of the OWASP Top 10 for LLM Applications and the GenAI Compass, and serves as an adjunct professor at Boise State University and board member at Agentic.org.

LinkedIn | SPLX | Agentic.org

Resources & References

Books

• Thinking, Fast and Slow — Daniel Kahneman

Articles / Studies

• OWASP Top 10 for LLM Applications
• Security Programs and Business Value

Tools / Frameworks

• OWASP GenAI Compass
• AI Threat Defense Compass (upcoming)
• NIST Cybersecurity Framework

Call to Action

If you found this episode useful, please share it and subscribe!

• Conor Sherman — LinkedIn | Website | Sysdig
• Stuart Mitchell — LinkedIn | Website
• Subscribe: Apple Podcasts | Spotify | YouTube | Website

AI is redrawing the economic map while vendors rush to “platformize” and attackers weaponize LLMs. Leaders must push for real platforms (shared data planes + policy layers), avoid “platform-in-name-only” lock-in, and prepare for agentic threats like PromptLock.

(00:00) Introduction — Why this week matters: AI divide, platformization reality check, agentic ransomware.

(02:10) Topic 1 — The AI Divide; Anthropic’s index shows productivity clustering in high-adoption regions; implications for hiring, policy, and multi-national execution.

(12:00) Topic 2 — Platformization & Consolidation; CrowdStrike–Pangea and Check Point–Lakera signal AI-security land grab; what “true platform” means; buyer guardrails.

(22:40) Topic 3 — PromptLock & Agentic Threats; ransomware that personalizes and negotiates; how to update IR/comms playbooks.

(31:30) Closing — Play offense: evidence-based platformization, workforce redesign, agentic blue-team prep.

• Anthropic: Economic Index — global AI adoption & productivity
• HR Grapevine: Zoom chief predicts three-day workweeks & role erosion
• Wall Street Journal: CrowdStrike to buy AI security company Pangea
• CyberScoop: Check Point to acquire Lakera for AI security
• ESET / WeLiveSecurity: PromptLock ransomware uses ChatGPT/LLMs
• AI Darwin Awards: Taco Bell drive-thru fiasco
• Venture in Security (Ross Haleliuk): Consolidation & platformization essays | LinkedIn activity

NIST AI RMF — governance + risk controls: https://www.nist.gov/itl/ai-risk-management-framework

OWASP GenAI / LLM Top 10 — threat categories: https://genai.owasp.org/llm-top-10/