AI CyberSecurity Podcast

Dive deep into the world of AI agent communication with this episode. Join hosts Caleb Sima and Ashish Rajan as they break down the crucial protocols enabling AI agents to interact and perform tasks: Model Context Protocol (MCP) and Agent-to-Agent (A2A).Discover what MCP and A2A are, why they're essential for unlocking AI's potential beyond simple chatbots, and how they allow AI to gain "hands and feet" to interact with systems like your desktop, browsers, or enterprise tools like Jira. The hosts explore practical use cases, the underlying technical architecture involving clients and servers, and the significant security implications, including remote execution risks, authentication challenges, and the need for robust authorization and privilege management.The discussion also covers Google's entry with the A2A protocol, comparing and contrasting it with Anthropic's MCP, and debating whether they are complementary or competing standards. Learn about the potential "AI-ification" of services, the likely emergence of MCP firewalls, and predictions for the future of AI interaction, such as AI DNS.If you're working with AI, managing cybersecurity in the age of AI, or simply curious about how AI agents communicate and the associated security considerations, this episode provides critical insights and context.Questions asked:(00:00) Introduction: AI Agents & Communication Protocols(02:06) What is MCP (Model Context Protocol)? Defining AI Agent Communication(05:54) MCP & Agentic Workflows: Enabling AI Actions & Use Cases(09:14) Why MCP Matters: Use Cases & The Need for AI Integration(14:27) MCP Security Risks: Remote Execution, Authentication & Vulnerabilities(19:01) Google's A2A vs Anthropic's MCP: Protocol Comparison & Debate(31:37) Future-Proofing Security: MCP & A2A Impact on Security Roadmaps(38:00) - MCP vs A2A: Predicting the Dominant AI Protocol(44:36) - The Future of AI Communication: MCP Firewalls, AI DNS & Beyond(47:45) - Real-World MCP/A2A: Adoption Hurdles & Practical Examples

Join bug bounty hunter Joseph Thacker, who specializes in AI security, as he demystifies the evolving landscape of AI-powered applications. He shares real-world insights on unique vulnerabilities, like markdown image exfiltration and XSS in LLM responses. Discover why AI AppSec differs from traditional AppSec and how augmented human hackers currently outperform automated tools. Joseph also discusses the rise of hack bots and their limitations, offering a fascinating glimpse into the future of AI in cybersecurity.

Can you prove you’re actually human? In a world of AI deepfakes, synthetic identities, and evolving cybersecurity threats, digital identity is more critical than ever.With AI-generated voices, fake videos, and evolving fraud tactics, the way we authenticate ourselves online is rapidly changing. So, what’s the future of digital identity? And how can you protect yourself in this new era?In this episode, hosts Caleb Sima and Ashish Rajan is joined by Adrian Ludwig, CISO at Tools For Humanity (World ID project), former Chief Trust Officer at Atlassian, and ex-Google security lead for Android. Together, they explore:Why digital identity is fundamentally broken and needs a major rebootThe rise of AI-powered identity fraud and how it threatens securityHow World ID is using blockchain and biometrics to verify real humansThe debate: Should we trust governments, companies, or decentralized systems with our identity?The impact of GenAI & deepfakes on authentication and online trustQuestions asked:(00:00) Introduction(03:55) Digital Identity in 2025(14:13) How has AI impacted Identity?(29:33) Trust and Transparency with AI(32:18) Authentication and Identity(49:53) What can people do today?(52:05) Where can people learn about World Foundation?(53:49) Adoption of new identity protocolsResources spoken about during the episode:Tools for HumanityWorld.org

In this enlightening discussion, Daniel Miessler, a cybersecurity veteran and AI security researcher, demystifies AI agents and their capabilities. He reveals the difference between true intelligence and automation, highlighting common misconceptions about AI in cybersecurity. Miessler emphasizes the significant impact of AI agents on decision-making, their security implications, and the ethical challenges they introduce. He also warns against misleading claims from companies about their AI tools, urging a clearer understanding of AI's risks and opportunities.

In this engaging discussion, Dylan Williams, a seasoned cybersecurity practitioner with nearly ten years in detection engineering, shares his insights on AI's transformative effects on detection processes. He explores how AI is reshaping threat detection and reducing false positives while enhancing investigation speed. Dylan also delineates the difference between automation and agentic AI, emphasizes the importance of accurate signal identification, and introduces practical AI tools that detection engineers can utilize right now. Tune in for a glimpse into the future of detection engineering!

Welcome to the future of cybersecurity! The discussion dives into how agentic AI is reshaping business landscapes while presenting new security challenges. Key topics include the resurgence of Identity and Access Management and the necessity for least privilege strategies. The hosts share practical advice on crafting a robust AI security plan for 2025, highlighting incident response and monitoring essentials. Plus, real-world examples illustrate the evolving nature of AI in operations and safety, offering insights invaluable for CISOs and security leaders.

The discussion kicks off with AI predictions for cybersecurity in 2025, highlighting the transformative impact of generative AI on the industry. There's an exciting focus on SOC automation and its tangible effects. Data security emerges as a major winner, alongside the potential of agentic AI in revolutionizing security operations. Predictions for innovative AI startups tease a future filled with productivity and security advancements. Amidst optimism and caution, the hosts explore the need for strategic planning in integrating AI into cybersecurity.

Host Caleb Sima and Ashish Rajan caught up with experts Daniel Miessler (Unsupervised Learning), Joseph Thacker (Principal AI Engineer, AppOmni) to talk about the true vulnerabilities of AI applications, how prompt injection is evolving, new attack vectors through images, audio, and video and predictions for AI-powered hacking and its implications for enterprise security. Whether you're a red teamer, a blue teamer, or simply curious about AI's impact on cybersecurity, this episode is packed with expert insights, practical advice, and future forecasts. Don’t miss out on understanding how attackers leverage AI to exploit vulnerabilities—and how defenders can stay ahead. Questions asked: (00:00) Introduction (02:11) A bit about Daniel Miessler (02:22) A bit about Rez0 (03:02) Intersection of Red Team and AI (07:06) Is red teaming AI different? (09:42) Humans or AI: Better at Prompt Injection? (13:32) What is a security vulnerability for a LLM? (14:55) Jailbreaking vs Prompt Injecting LLMs (24:17) Whats new for Red Teaming with AI? (25:58) Prompt injection in Multimodal Models (27:50) How Vulnerable are AI Models? (29:07) Is Prompt Injection the only real threat? (31:01) Predictions on how prompt injection will be stored or used (32:45) What’s changed in the Bug Bounty Toolkit? (35:35) How would internal red teams change? (36:53) What can enterprises do to protect themselves? (41:43) Where to start in this space? (47:53) What are our guests most excited about in AI? Resources Daniel's Webpage - Unsupervised Learning Joseph's Website

Jason Clinton, CISO at Anthropic, Kristy Hornland, Cybersecurity Director at KPMG, and Vijay Bolina, CISO at Google DeepMind, discuss the pivotal intersection of AI and cybersecurity. They explore AI's transformative impact on secure coding practices and the evolution of software development. The guests highlight risks surrounding AI-generated code, the complexities of multimodal models, and the imperative of responsible AI use. They emphasize the need for robust data governance and proactive risk management within organizations as they prepare for 2024 and beyond.

In this episode of the AI Cybersecurity Podcast, Caleb and Ashish sat down with Vijay Bolina, Chief Information Security Officer at Google DeepMind, to explore the evolving world of AI security. Vijay shared his unique perspective on the intersection of machine learning and cybersecurity, explaining how organizations like Google DeepMind are building robust, secure AI systems. We dive into critical topics such as AI native security, the privacy risks posed by foundation models, and the complex challenges of protecting sensitive user data in the era of generative AI. Vijay also sheds light on the importance of embedding trust and safety measures directly into AI models, and how enterprises can safeguard their AI systems. Questions asked: (00:00) Introduction (01:39) A bit about Vijay (03:32) DeepMind and Gemini (04:38) Training data for models (06:27) Who can build an AI Foundation Model? (08:14) What is AI Native Security? (12:09) Does the response time change for AI Security? (17:03) What should enterprise security teams be thinking about? (20:54) Shared fate with Cloud Service Providers for AI (25:53) Final Thoughts and Predictions