AI Security Podcast

Dive into the alarming findings of a recent AI Threat Intelligence report. Discover how AI-enabled biohacking and extortion strategies are transforming cybercrime. Learn about North Korean IT workers leveraging AI to simulate technical skills for Fortune 500 jobs. Explore the rise of ransomware-as-a-service, making sophisticated attacks accessible to less skilled actors. The discussion also highlights gaps in identity verification and the complexities of AI in scaling fraud and malware, revealing a landscape where AI is professionalizing existing threats.

Thomas Roccia, a Senior Threat Researcher at Microsoft specializing in AI applications for malware analysis, discusses groundbreaking concepts like the 'Indicator of Prompt Compromise' (IOPC). He shares insights on his open-source projects, including NOVA, a tool to detect malicious prompts. The conversation explores using AI to track complex crypto laundering schemes, simplifying reverse engineering, and how AI enhances threat intelligence. Roccia also highlights the shift in skill accessibility, where advanced tasks become manageable for more professionals.

In this discussion, Jason Haddix, an offensive security expert from Arcanum, and Daniel Miessler, founder of Unsupervised Learning, dive into the 2025 landscape of AI security. They reveal how LLMs are leaking into broader ecosystems, becoming tools for malicious prompts and exploiting vulnerabilities. The duo highlights the critical yet unsolved problem of prompt injection and the challenges posed by privacy laws on incident response. They emphasize the need for innovative threat modeling and proactive security measures to navigate this evolving danger.

Damian Hasse, CISO of Moveworks and a security expert from Amazon's Alexa, offers a deep dive into AI security. He discusses how the current AI hype cycle differs from past failures and the importance of expertise in AI Councils. Hasse shares his framework for assessing AI risks, focusing on specific use cases and data protection. He addresses threats like prompt injection and outlines strategies to mitigate security risks in AI-assisted environments, making this a must-listen for security leaders navigating the complexities of modern AI.

Join Jackie Bow, the Technical Lead of Threat Detection Engineering at Anthropic, and Kane Narraway, who heads the Enterprise Security Team at Canva, as they dive deep into the dual-edged sword of AI in security. Jackie reveals how AI, specifically Claude, revolutionizes threat detection by breaking traditional barriers. In contrast, Kane emphasizes the risks tied to AI integrations, arguing that many challenges mirror existing vulnerabilities. Together, they explore innovative threat modeling strategies while balancing the need for strong security with the power of AI.

Discover how 'Vibe Coding' transforms the role of non-engineers in software development, allowing rapid application deployment. Learn to harness AI tools for effective project management and overcome challenges in scaling coding projects. Explore the proactive strategies needed to navigate security risks with AI-generated applications. The discussion also emphasizes the significance of maintaining a structured approach to innovation while ensuring compliance. Plus, hear personal anecdotes that illustrate the balance between creativity and security in tech.

In this engaging discussion, Guy Podjarny, founder of Snyk and Tessl, dives into the future of AI in software development. He introduces 'vibe coding,' where developers increasingly rely on AI-generated code with less oversight, sparking opportunities and significant risks. The conversation also touches on 'slopsquatting,' a new security threat from AI-generated fake library names. Guy emphasizes the shifting role of developers towards managing AI workflows and highlights the importance of clear specifications and rigorous testing in a rapidly evolving tech landscape.

Join Phil Venables, former CISO at Google Cloud and a cybersecurity expert with over 30 years of experience, as he dives into the intersection of AI and cybersecurity. He discusses the evolution from predictive AI to Agentic AI, emphasizing practical applications in organizations. Phil outlines three key pillars for CISO control: software lifecycle risk, data governance, and operational risk management. He also shares insights on leveraging AI to address workforce skill shortages and the expanding role of CISOs in navigating digital risk.

Explore how enterprise browsers are shaping the future of AI security. Discover why they are crucial in enterprise workflows, acting as the new OS. Learn about key players in the browser security landscape and the challenges of integrating AI. Understand how these browsers enhance security with features like Data Loss Prevention and Zero Trust capabilities. Delve into the risks posed by AI agents and the evolving role these technologies will play in enhancing organizational security.

Leonard Tang, Co-founder and CEO of Haize Labs, shares insights on AI red teaming and its impact on enterprise security. He discusses the evolution of red teaming methodologies influenced by AI technology. Leonard highlights vulnerabilities in multimodal AI applications and explains how adversarial attacks pose significant risks. He also delves into the necessity of precise output control for developing sophisticated exploits and the importance of cybersecurity professionals adapting their skills to meet the challenges of AI. Expect engaging real-world examples and practical mitigation strategies!