Navigating AI's New Security Landscape with Vineeth Sai
In this episode, we talk to Vineeth Sai Narajala (Senior Security Engineer @ Meta). We discuss the evolving landscape of AI security, focusing on the Model Context Protocol (MCP), Enhanced Tool Definition Interface (ETDI), and the AI Vulnerability Scoring System (AIVSS). We explore the challenges of integrating AI into existing systems, the importance of identity management for AI agents, and the need for standardized security practices. The discussion emphasizes the necessity of adapting security measures to the unique risks posed by generative AI and the collaborative efforts required to establish effective protocols.Key Takeaways- MCP simplifies AI integration but raises security concerns.- Identity management is crucial for AI agents.- ETDI addresses specific vulnerabilities in AI tools.- AIVSS aims to standardize AI vulnerability assessments.- Developers should start with minimal permissions for AI.- Trust in the agent ecosystem is vital for security.- Collaboration is key to developing effective security protocols.- Security fundamentals still apply in AI integration.Tune in for a deep dive into the future of security and the innovative approaches shaping the industry!Contacting Vineeth* Vineeth's LinkedIn: https://www.linkedin.com/in/vineethsai/* Vineeth's website: https://vineethsai.com/Contacting Anshuman* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/* X: https://x.com/anshuman_bh* Website: https://anshumanbhartiya.com/* Instagram: https://www.instagram.com/anshuman.bhartiya Contacting Sandesh* LinkedIn: https://www.linkedin.com/in/anandsandesh/* X: https://x.com/JubbaOnJeans* Website: https://boringappsec.substack.com/
--------
51:15
--------
51:15
Agentic AI: Transforming Vulnerability Management with Harry Wetherald
In this episode, we talk to Harry Wetherald (Co-Founder and CEO @ Maze). We explore the evolving landscape of vulnerability management. Harry shares insights from his journey in AI and machine learning, discussing the challenges of triaging vulnerabilities across diverse organizations. The conversation delves into the concept of agentic AI, the importance of context engineering, and the hurdles of achieving enterprise-grade reliability in AI systems. Harry also reflects on the inflection points that led to the founding of Maze and the role of LLMs in transforming security practices. Key Takeaways- Introduction to Maze and Harry's Journey: Harry shares his background in AI and machine learning, emphasizing the persistent challenges in vulnerability management and the founding of Maze to address these issues.- Agentic AI and Context Engineering: The discussion highlights the shift from static rules to agentic AI, where AI agents autonomously investigate vulnerabilities, and the critical role of context engineering in tailoring solutions to specific organizational needs.- Challenges in AI Reliability: Harry talks about the engineering hurdles in making AI systems reliable and consistent, focusing on the importance of tight reasoning loops and human-AI symbiosis.- Pricing Strategies: In AI-native security solutions, clear and fixed pricing is preferred, as it simplifies budgeting and aligns with traditional models, while vendors should manage costs to ensure predictability for customers.- Future of Security with AI: The conversation concludes with insights into the future of security, where AI agents work in the background to provide innovative solutions, and the importance of human feedback in refining AI systems.Tune in for a deep dive into the future of security and the innovative approaches shaping the industry!Contacting Harry* Harry's LinkedIn: https://www.linkedin.com/in/harrywetherald/* Maze: https://mazehq.com/Contacting Anshuman* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/* X: https://x.com/anshuman_bh* Website: https://anshumanbhartiya.com/* Instagram: https://www.instagram.com/anshuman.bhartiya Contacting Sandesh* LinkedIn: https://www.linkedin.com/in/anandsandesh/* X: https://x.com/JubbaOnJeans* Website: https://boringappsec.substack.com/
--------
48:17
--------
48:17
Surag Patel and Arshan Dabirsiaghi
In this episode, we talk to Surag Patel (CEO @ Pixee) and Arshan Dabirsiaghi (CTO @ Pixee). We discuss the transformative approach that Pixee is taking in application security. We explore the shift from traditional security tools that merely detect vulnerabilities to a model that emphasizes automated remediation. The discussion covers the evolving role of AppSec professionals, the integration of AI agents to scale coverage, the importance of trust in automated fixes, and the challenges of navigating a crowded security market. We also touch on the future of security in design specifications and the need for a comprehensive approach to security that includes all stakeholders in the software development lifecycle.Key Takeaways- The traditional model of security tools is being challenged.- Pixee aims to automate not just detection but also remediation.- AI agents can help scale coverage in application security.- The role of AppSec professionals will evolve with AI integration.- Trust is crucial for developers to accept automated fixes.- Developers want tools that reduce their workload, not add to it.- Contextual understanding is key for accurate vulnerability triage.- The security market is not saturated; there are still many unsolved problems.- Integrating security into design specifications is the future.- A comprehensive approach to security is necessary for effective risk management.Tune in to find out more! Contacting Surag & Arshan* Surag's LinkedIn: https://www.linkedin.com/in/suragpatel/* Arshan's LinkedIn: https://www.linkedin.com/in/arshan-dabirsiaghi/* Pixee: https://www.pixee.ai/Contacting Anshuman* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/* X: https://x.com/anshuman_bh* Website: https://anshumanbhartiya.com/* Instagram: https://www.instagram.com/anshuman.bhartiya Contacting Sandesh* LinkedIn: https://www.linkedin.com/in/anandsandesh/* X: https://x.com/JubbaOnJeans* Website: https://boringappsec.substack.com/
--------
56:37
--------
56:37
Ken Johnson
In this episode, we talk to Ken Johnson, Co-Founder & CTO @ DryRun Security. Ken discusses the evolution of application security, focusing on the role of AI and LLMs in enhancing security practices. He emphasizes the importance of context engineering over traditional prompt engineering, the challenges of consistency and repeatability in LLM outputs, and the ethical considerations surrounding AI in security. The discussion also highlights the need for orchestration in AI applications and the future potential of AI in the security landscape.Key Takeaways- DryRun Security utilizes AI to enhance code security.- Context engineering is crucial for effective AI applications.- LLMs can augment security practices but require careful orchestration.- Consistency in LLM outputs is a significant challenge.- Ethical considerations in AI are becoming increasingly important.- Finding the right balance in using LLMs is essential.- Community collaboration is vital for advancing AI solutions.- Orchestration is a key factor in AI performance.- AI will not replace jobs but will change how we work.Tune in to find out more! Contacting Ken* LinkedIn: https://www.linkedin.com/in/cktricky/* DryRun Security: https://www.dryrun.security/Contacting Anshuman* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/* X: https://x.com/anshuman_bh* Website: https://anshumanbhartiya.com/* Instagram: https://www.instagram.com/anshuman.bhartiya Contacting Sandesh* LinkedIn: https://www.linkedin.com/in/anandsandesh/* X: https://x.com/JubbaOnJeans* Website: https://boringappsec.substack.com/
--------
54:36
--------
54:36
Casey Ellis
In this episode, we talk to Casey Ellis, Founder & Advisor @Bugcrowd.Casey shares his personal journey through health challenges and his insights into the cybersecurity landscape. He discusses the evolution of the bug bounty industry, the importance of secure design, and the role of AI in both enhancing and complicating security measures. Casey emphasizes the need for accountability and the potential of crowdsourcing in security, while also addressing the challenges of implementing effective standards. The conversation concludes with reflections on the future of AI in security and the necessity for focused problem-solving in the industry.Key Takeaways- The bug bounty industry has transformed lives and created new opportunities.- Founding a company involves learning from both successes and failures.- The cybersecurity industry often focuses on quick wins rather than fundamental problems.- Secure by design is essential for addressing root causes of vulnerabilities.- Crowdsourcing can enhance accountability in security practices.- Standards like ASVS are important but can be complex to implement.- AI is both a tool and a threat in the cybersecurity landscape.- Focusing on specific problems is key to leveraging AI effectively.Tune in to find out more! Contacting Casey* LinkedIn: https://www.linkedin.com/in/caseyjohnellis/* Bugcrowd: https://www.bugcrowd.com/Contacting Anshuman* LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/* X: https://x.com/anshuman_bh* Website: https://anshumanbhartiya.com/* Instagram: https://www.instagram.com/anshuman.bhartiya Contacting Sandesh* LinkedIn: https://www.linkedin.com/in/anandsandesh/* X: https://x.com/JubbaOnJeans* Website: https://boringappsec.substack.com/
In this podcast, we will talk about our experiences having worked at different companies - from startups to big enterprises, from tech companies to security companies, and from building side projects to building startups. We will talk about the good, the bad, and everything in between. So join us for some fun, some real, and some super hot takes about all things Security in the Boring AppSec Podcast.
Netherlands