A Conversation With Harry Wetherald CO-Founder & CEO At Maze

Sep 22, 2025

Harry Wetherald, co-founder and CEO of Maze, dives into how AI is revolutionizing vulnerability management and application security. He discusses the critical challenge of remediation, emphasizing that AI can bridge the gap between vulnerabilities and the developers who address them. Harry explains how linking vulnerabilities to specific teams and tools like GitHub can streamline workflows. The conversation also touches on the shrinking tolerance for vulnerability windows and the arms race between attackers and defenders in leveraging AI for cybersecurity.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Founders Built Maze From Personal Pain

Harry co-founded Maze to build AI agents that replicate expert security analysis at scale.
They aim to free teams from endless backlogs by automating deep vulnerability interrogation.

INSIGHT

Most Findings Are Noise

Deeply analyzing each vulnerability often shows most are non-exploitable in context.
Removing those noise items shrinks the actionable list far more than better prioritization alone.

ADVICE

Prove Exploitability First

Start remediation by proving exploitability before any other scoring or intel.
Use AI to triage exploitability first, then generate specific fixes for developers.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

➡ Stay Ahead of Cyber Threats with AI-Driven Vulnerability Management with Maze:
https://mazehq.com/

In this conversation, I speak with Harry about how AI is transforming vulnerability management and application security. We explore how modern approaches can move beyond endless reports and generic fixes, toward real context-aware workflows that actually empower developers and security teams.

We talk about:

The Real Problem in Vulnerability Management
Why remediation—not just prioritization—remains the toughest challenge, and how AI can help bridge the gap between vulnerabilities and the developers who need to fix them.

Context, Ownership, and Velocity
How linking vulnerabilities to the right applications and teams inside their daily tools (like GitHub) reduces friction, speeds up patching, and improves security without slowing developers down.

AI Agents and the Future of Security
Why we should think of AI agents as “extra eyes and hands,” and how they’re reshaping everything from threat detection to system design, phishing campaigns, and organizational defense models.

Attackers Move First
How attackers are already building unified world models of their targets using AI, and why defenders need to match (or exceed) this intelligence to stay ahead.

From Days to Minutes
Why the tolerance for vulnerability windows is shrinking fast, and how automation and AI are pushing us toward a future where hours—or even minutes—make the difference.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 – Welcome and Harry’s Background
01:07 – The Real Problem: Remediation vs. Prioritization
04:31 – Breaking Down Vulnerability Context and Threat Intel
05:46 – Connecting Vulnerabilities to Developers and Workflows
08:01 – Why Traditional Vulnerability Management Fails
10:29 – Startup Lessons and The State of AI Agents
13:26 – DARPA’s AI Cybersecurity Competition
14:29 – System Design: Deterministic Code vs. AI
16:05 – How the Product Works and Data Sources
18:01 – AI as “Extra Eyes and Hands” in Security
20:20 – Breaking Barriers: Rethinking Scale with AI
23:22 – Building World Models for Defense (and Attack)
25:22 – Attackers Move Faster: Why Context Matters
27:04 – Phishing at Scale with AI Agents
31:24 – Shrinking Windows of Vulnerability: From Days to Minutes
32:47 – What’s Next for Harry’s Work
34:13 – Closing Thoughts

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.