Security Weekly Podcast Network (Audio)

They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-584

We showcase recordings from this year's RSAC.
At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026.
Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what’s different or special about securing agent identities.
We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike.
Segment Resources:
https://genai.owasp.org
https://genai.owasp.org/resources/
https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381
This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-384

Interview with Rob Allen from Threatlocker
This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.
Topic: Do the basics, they said. Easier said than done.
Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.
The weekly enterprise news
Finally, in the enterprise security news,
a really interesting vibe check
funding
acquisitions
the verizon DBIR
we give a tutorial on how to leak AWS keys on github
OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
agents versus agents
exploitbench
the vulnpocalypse
robot dogs are SO EASY to take out, we don’t need to be too scared of them yet
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-460

TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-583

In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
Github supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act’s 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker “Yellow Key” fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927