Zero Signal

Episode SummaryIn this episode, Jake Bernardes, CISO at Anecdotes, joins to break down the risks and opportunities of OpenAI's AgentKit, vendor lock-in, and the real impact of AI on enterprise security and jobs. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest DetailsJake Bernardes is the Chief Information Security Officer at Anecdotes, a top GRC platform. LinkedIn: https://www.linkedin.com/in/jakeleobernardes/Referenced Links & ResearchOpenAI: Introducing AgentKit+Axios: The jobs crisis is bigger than AITechRadar: AI might not actually be killing off jobs like we thoughtYale Budget Lab: Evaluating the Impact of AI on the Labor MarketChallenger Gray: September Job Cuts Fall 37% from AugustLockedInAI: 2025 AI Trends in US Job MarketsSysdig: Shai Hulud: The Novel Self-Replicating Worm Infecting Hundreds of NPM PackagesCall to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, AI architect and security researcher Disesdi Susanna Cox explains the vast and complex attack surface of AI systems, highlighting the need for new security approaches like purple teaming and MLSecOps. Her insights help security leaders understand the unique risks and ethical challenges of AI, making this a must-listen for anyone responsible for securing modern AI-driven organizations.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.About the GuestDisesdi Susanna Cox is an AI architect, patent holder, and consulting security researcher recognized for her work with the OWASP AI Exchange. Her frameworks and research have been adopted globally to help organizations understand and address the evolving security landscape in AI. Connect with Susanna to follow her latest insights and contributions:LinkedIn: https://www.linkedin.com/in/disesdi/Newsletter: https://disesdi.substack.com/OWASP AI Exchange: https://owasp.org/www-project-ai-exchange/Episode Breakdown00:00 Navigating the AI Security Landscape03:30 Understanding Adversarial Attacks in AI06:06 The Importance of Purple Teaming in AI Security08:49 Establishing MLSecOps for AI Systems11:40 The Role of Chief AI Security Officer13:03 Ethics and Risks of AI in Decision Making26:07 The Future of Red Teaming in AI Security35:33 Intro Long - Final.mp4Referenced ResourcesOWASP AI ExchangeDisesdi Substack: The Adversarial Subspace ProblemDO-178C (Guidance for Aerospace Software)Subscribe & ShareIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

OverviewToday's episode features Keith Hoodlet from Trail of Bits. We discuss how AI is rapidly accelerating both cyber threats and defenses, shrinking the time to exploit vulnerabilities and reshaping cybersecurity job requirements. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioThat was Keith Hoodlet, Engineering Director at Trail of Bits, former Code Security Architect at GitHub, and winner of the DoD’s inaugural AI Bias Bounty. LinkedIn — Keith HoodletWebsite — Trail of BitsNewsletter — Secure.DevReferenced Links & ResourcesCVE Genie Hexstrike Buttercup Trail of Bits: MCP Security LayerGoogle/Mandiant Threat Intelligence The Skill Code by Matt Bean Harvard Business Review: AI-Generated WorkslopSubscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Quick Take (TL;DR)AI is rapidly transforming cybersecurity, from automating penetration testing to reshaping how security teams and developers work. This episode examines the practical implications, risks, and future prospects of AI in security, offering actionable insights for leaders and practitioners. Guest SpotlightClint Gibler is Head of Security Research at Semgrep, creator of the TLDRsec newsletter, and host of the Modern Security Podcast. Connect:LinkedIn — Clint GiblerNewsletter — TLDRsecPodcast — Modern Security Podcast Key Topics & Timestamps00:00 AI's Impact on Penetration Testing03:19 The Future of Junior Pen Testers05:42 Working with AI: A New Paradigm10:31 Trusting AI Outputs12:31 Shifting Down: A New Security Approach15:20 Making Security Invisible for Developers16:44 The Role of AI in Security and Development19:04 Integrating Security into Vibe Coding21:21 Human in the Loop: Balancing Automation and Oversight23:04 Model Dependency and Cost Considerations25:27 Emerging Security Risks in AI Infrastructure29:41 Understanding Prompt Injection Challenges31:05 Innovative Solutions in AI Security32:28 Risks of Model Integration and Code Execution34:14 Navigating AI Model Adoption in Organizations34:42 The Future of AI in Security38:52 Career Pathways in Cybersecurity Resources & ReferencesTLDRsec — Security newsletter by Clint GiblerModern Security Podcast — Hosted by Clint GiblerSemgrep — Code analysis toolOWASP Top 10 — Common web security risksGoogle Project Zero — Security research teamDeepMind Camel Framework — AI agent separationSocket — Supply chain security toolHugging Face — Model repositoryTrail of Bits — Security research and toolsBuilding Secure and Reliable Systems — Google book on securityGitHubComplianceAsCode/content — Automating compliance

Quick Take (TL;DR)This episode explores the evolving risks and opportunities at the intersection of AI, security, and leadership, featuring insights from instant response veteran Jason Rebholz. The conversation highlights why AI safety and agentic systems matter for CISOs and security teams today. Key Topics & Timestamps (00:00) Banter(03:39) Guest Introduction(04:29) DeepMind’s Frontier Safety Framework(06:11) Manipulative AI & Enterprise Risk(07:53) Frontier vs. Enterprise Risk(11:24) Early Signs & Real-World Impact(14:25) Safety vs. Security(16:16) Implementation Context(18:06) Expel Talent Index(22:08) What Makes a Great Security Pro?(29:05) Good CISO, Bad CISO(36:43) Memo to File(38:03) Securing AI Agents(44:49) Actionable Advice Guest SpotlightJason Rebholz is the co-founder of Evoke Security and former CISO at Corvus Insurance. He previously led incident response at Mandiant, handling nation-state threats and major breaches. Jason is a leading voice on AI security, agentic systems, and practical risk management. Connect: - LinkedIn - Website- Newsletter  Resources & References BooksGood CISO, Bad CISO by Phil Venables Articles / StudiesDeepMind Frontier Safety FrameworkExpel 2025 Talent IndexRAND Security ObjectivesWeekend Byte Newsletter Tools / FrameworksRAND Security Objectives Subscribe: Apple Podcasts | Spotify | YouTube | Website

Quick Take (TL;DR)This episode examines how AI is transforming the cybersecurity landscape, with Sandy Dunn discussing why security leaders must reassess risk, trust, and business alignment in the era of agentic AI. Essential listening for anyone navigating the intersection of AI, security, and executive decision-making.Guest SpotlightSandy Dunn is the Chief Information Security Officer (CISO) at SPLX, where she leads AI-driven security strategy and advises executive teams on risk and defense alignment. A 20-year cybersecurity veteran, Sandy is the creator and project leader of the OWASP Top 10 for LLM Applications and the GenAI Compass, and serves as an adjunct professor at Boise State University and board member at Agentic.org.LinkedIn | SPLX | Agentic.orgResources & ReferencesBooksThinking, Fast and Slow — Daniel KahnemanArticles / StudiesOWASP Top 10 for LLM ApplicationsSecurity Programs and Business ValueTools / FrameworksOWASP GenAI CompassAI Threat Defense Compass (upcoming)NIST Cybersecurity FrameworkCall to ActionIf you found this episode useful, please share it and subscribe!Conor Sherman — LinkedIn | Website | SysdigStuart Mitchell — LinkedIn | WebsiteSubscribe: Apple Podcasts | Spotify | YouTube | Website

AI is redrawing the economic map while vendors rush to “platformize” and attackers weaponize LLMs. Leaders must push for real platforms (shared data planes + policy layers), avoid “platform-in-name-only” lock-in, and prepare for agentic threats like PromptLock.Key Topics & Timestamps(00:00) Introduction — Why this week matters: AI divide, platformization reality check, agentic ransomware.(02:10) Topic 1 — The AI Divide; Anthropic’s index shows productivity clustering in high-adoption regions; implications for hiring, policy, and multi-national execution.(12:00) Topic 2 — Platformization & Consolidation; CrowdStrike–Pangea and Check Point–Lakera signal AI-security land grab; what “true platform” means; buyer guardrails.(22:40) Topic 3 — PromptLock & Agentic Threats; ransomware that personalizes and negotiates; how to update IR/comms playbooks.(31:30) Closing — Play offense: evidence-based platformization, workforce redesign, agentic blue-team prep.Resources & ReferencesArticles / StudiesAnthropic: Economic Index — global AI adoption & productivityHR Grapevine: Zoom chief predicts three-day workweeks & role erosionWall Street Journal: CrowdStrike to buy AI security company PangeaCyberScoop: Check Point to acquire Lakera for AI securityESET / WeLiveSecurity: PromptLock ransomware uses ChatGPT/LLMsAI Darwin Awards: Taco Bell drive-thru fiascoVenture in Security (Ross Haleliuk): Consolidation & platformization essays | LinkedIn activityTools / FrameworksNIST AI RMF — governance + risk controls: https://www.nist.gov/itl/ai-risk-management-frameworkOWASP GenAI / LLM Top 10 — threat categories: https://genai.owasp.org/llm-top-10/

Quick Take (TL;DR)This episode examines the evolving cybersecurity economy, the impact of AI on security roles and investments, and why trust, adaptability, and community are more crucial than ever for security leaders.Key Topics & Timestamps(00:00) Introduction — Mike’s journey as the first security hire at a FinTech and the realities of building trust in security leadership.(04:32) Security Leadership — Strategies for first-time CISOs, balancing technical depth with business needs, and the importance of level-setting expectations.(08:36) The Cybersecurity Economy — Mike’s five-pillar framework: investment, government, regulation, labor market, and community.(13:07) AI’s Impact — How AI is reshaping security investments, the rise of AI-enabled tools, and the explosion of red teaming for AI applications.(20:09) Evolving Roles — The growing importance of AI governance, the dual mandate for CISOs, and the enduring need for fundamentals like authentication and identity.(34:34) Mike’s advice on building a personal brand, sharing experiences.(41:27) The future of Return on Security.(43:44) ClosingGuest SpotlightMike Privette is the founder of Return on Security, recognized as the industry’s first cybersecurity economist. He’s known for his in-depth analysis of funding trends, M&A, and the shifting landscape of security and AI. Mike’s work has been featured at B-Sides and followed by thousands of industry leaders.Connect with Mike: LinkedIn | Newsletter.Resources & ReferencesArticles / StudiesMike’s annual cybersecurity funding reports: Return on Security NewsletterTools / FrameworksAI Red Teaming (general concept, not a specific tool)Mike’s Five-Pillar Cybersecurity Economy Framework (investment, government, regulation, labor, community)Call to ActionConor Sherman — LinkedIn | Website | Sysdig;Stuart Mitchell — LinkedIn | Website.Subscribe: Apple Podcasts | Spotify | YouTube | Website

SummaryIn this episode, Conor Sherman and Stuart Mitchell discuss the evolving landscape of education, job markets, and AI regulation. They explore the implications of Gen Z's shifting attitudes towards college, the impact of AI on job security, and the recent endorsement of AI safety legislation by Anthropic. The conversation also delves into the current job market trends, the integration of AI in security teams, and the alarming advancements in exploit development through tools like CVE Genie.  ArticlesAxios: Gen Z still choosing college despite AI anxietiesPBS NewsHour: Why many in Gen Z are ditching college for training in skilled tradesAxios: Jobs data shows hiring momentum slowdownMoneywise: US has more unemployed than job openings for first time since 2021TechCrunch: Anthropic endorses California’s AI safety bill SB-53Anthropic: Anthropic is endorsing SB-53OpenAI blog: Why language models hallucinateOpenAI paper PDF: Why Language Models Hallucinate Follow for MoreConor Sherman — LinkedIn | Website | Sysdig;Stuart Mitchell — LinkedIn | Website.Add subscription links: Apple Podcasts | Spotify | YouTube | Website.

Daniel Miessler, a cybersecurity expert and the creator of Unsupervised Learning, discusses the future of work in an AI-dominated world. He explores the unsettling possibility of a 'zero-employee' ideal and its implications for society and security. The conversation digs into the emotional turmoil CEOs face during layoffs and the urgent need for new economic structures like Universal Basic Income. Additionally, Miessler emphasizes the importance of curiosity and critical thinking for future workers to navigate the challenges posed by AI.