Security Weekly Podcast Network (Audio)

SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by changing default configs to turn off uncommon features and ancient protocols.
The Linux kernel's removal of strncpy is another example of managing attack surface by replacing a notoriously misused and ambiguous function with more specific versions that better match the developers intent. It was a six-year journey for the kernel, but one that should remove a class of vulns and, importantly, improve performance.
Then it's on to agents with a discussion of the newly released OWASP AISVS and yet another example of evaluating LLMs as code reviewers.
Agentic AI Has an Identity Problem
AI agents are already running inside enterprise environments, operating on credentials, API tokens, and cloud roles that most security teams have never inventoried. When an agent acts autonomously across production systems, the security question is no longer just what it can do but who it is and whether that identity is governed at all. Itamar Apelblat, Co-Founder and CEO of Token Security, discusses why identity is the right lens for understanding agentic AI risk and what practical steps security teams can take now.
Segment Resources:
https://www.token.security/product
https://www.token.security/lp/ai-agent-identity-security-buyers-guide-ebook
https://www.token.security/enzo
https://www.token.security/ai-agent-calculator
This segment is sponsored by Token Security. To lean more, visit https://securityweekly.com/tokenidv
Blended Identities and the challenge of IAM for AI
AI agents aren't quite human and aren't traditional machines. So how do you secure workflows that involve humans using AI to access sensitive data, and do it at machine speed and scale? David breaks down the challenges and discusses actual implementations of IAM for AI to explain how to solve them.
Segment Resources:
https://aembit.io/case-study/a-300b-investment-firm-secures-claude-access-with-aembit/
https://aembit.io/blog/aembit-now-secures-microsoft-copilot-studio-agents/
https://www.youtube.com/watch?v=cSInzRUXvNc
This segment is sponsored by Aembit. Get the cloud security alliance survey on AI Identities at https://securityweekly.com/aembitidv
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-389

Interview with Adriel Desautels - the pentest is broken
Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it.
Segment Resources:
https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity
https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag
https://netragard.com/blog/what-is-penetration-testing/
Topic: Why Meta is destroying its engineering organization
The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering
A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below.
This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues.
‘Tell Him He’s a Piece of Shit’: Meta’s New AI Unit Is a Total Mess
The Newest Instagram "Exploit" is the Goofiest I've Seen
Meta CTO Andrew Bosworth Admits the Company’s AI Reorg Was ‘Atrocious’
Meta’s months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it
The Weekly Enterprise News
Finally, in the enterprise security news,
an AI vibe check
An AI SOC vendor shuts down
Cybersecurity vendor layoffs
funding & acquisitions
cascading breaches
digital estate management
criminals don’t trust AI either
some devs won’t code without AI, even if you pay them to
Midjourney is now a healthcare company?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-465

AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8 Sidewalk Bots, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-593

First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure!
This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them!
Next up in the security news:
Help, I am Fortibleeding
Cisco SD-WAN needs help
The secret life of probe requests
Help, I am Squidbleeding
XSS to RCE and why CVSS isn't the full picture
TVs spy on you
Foundational security practices
Cybersecurity costs money
Happy "Its too late to update your KEK key" day
You don't have security flaws if no one can report them
Rickrolling FIFA
Domain takeovers
End of life, out of luck
The key to Encryption...
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-932

The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awareness training and phishing campaigns worked?
Robert Siciliano, Architect of of The Strategic Human Firewall™ at ProtectNow, joins Business Security Weekly to explore why humans, not hackers, are the ultimate deciding factor in organizational security. The industry needs to shift from security awareness to security appreciation. Robert will discuss:
How you can build a culture that actually protects your people, your data, and your operations in an era of AI deception.
Why most companies are still performing 'Security Theater'—checking boxes and hoping for the best—instead of driving genuine behavior change.
How Trust and Denial quietly fuel most disasters, why interactive training is the only way to make the lessons stick, and how leaders can scale this entire framework without needing a Hollywood budget.
Segment Resources:
https://protectnowllc.com/ai-cyber-security-keynote-speaker/
In the leadership and communications segment, Should CEOs Be Held Personally Accountable for Cyber Attacks?, Placing communication at the center of every leadership transition, AI isn’t solving cybersecurity workforce woes, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-453