485 episodes
Hungry? We talk Smoked Meat, Poutine, and Bagel - also, Identiverse Interviews! - John Pritchard, Cassie Christensen, Jaime Lewis-Gross, François Proulx, Kim Brown - ESW #467
2026/07/13 | 1h 38 mins.Interview with François Proulx from Boost Security
Software Supply Chain Security: Build Pipeline (CI/CD) Exploitation
Boost Security is the creator of some very popular build pipeline security tools, like Bagel and Poutine. Today, we discuss their latest tool, Smoked Meat. They describe it as "Like Metasploit, but for CI/CD pipelines".
Segment Resources:
Smoked Meat announcement
Smoked Meat github
Smoked Meat demo with Guillaume and François
Identiverse Interview with Dr. John Prichard from Radiant Logic
The Three Identity Problem: Surviving Identity Security's Chaotic Era
Identity security has entered its chaotic era. Human, non-human, and agentic AI identities no longer just coexist. They form an uncontrolled inheritance chain in which a human creates an agent, the agent spins up service principals, OAuth grants, and role assignments, and that whole chain keeps running long after the human changes roles or leaves. Most of these chains are being spawned by business users on low-code and enterprise AI platforms, outside traditional identity controls and largely invisible to security.
In this segment, Radiant Logic CEO Dr. John Pritchard joins us to unpack why this is no longer a visibility problem. It is an observability problem. And it is shifting the center of gravity in identity security from authentication to authorization. Listeners will leave with a clearer view of where their current IAM, IGA, and NHI programs fall short, and a practical lens for governing the rapidly expanding population of AI agents already inside their environments.
To go deeper on what John discussed today, watch Radiant Logic's on-demand webinar Identities Under Attack: How Adversaries Exploit the Human-Machine-Agent Divide at https://securityweekly.com/radiantlogicidv.
Identiverse Interview with Cassie Christensen from Saviynt
Everyone Wants an AI Assistant. Few Are Ready to Govern One
Explore a growing reality many professionals can relate to: the appeal of using AI agents to handle the work that keeps piling up - from inbox management to research and logistics - and the governance challenges that quickly follow. The real barrier to scaling personal or enterprise AI agents isn't the technology itself, but defining clear roles, access boundaries, oversight, and lifecycle management. As organizations deploy more autonomous AI agents, the same identity frameworks used to govern workforce and non-employee identities must now evolve to manage AI-driven access before scale and risk outpace control.
This segment is sponsored by Saviynt. Learn more or get a free demo at https://securityweekly.com/saviyntidv
Identiverse Interview with Jaime Lewis-Gross from Saviynt
From Sales Engineer to Forward Deployed Engineer: The Rise of Hybrid Technical Roles
As technology organizations evolve, technical roles are becoming increasingly fluid - particularly at the intersection of product, engineering, and customer success. This conversation explores what it means to be a modern sales engineer and how the role is increasingly expanding into responsibilities often associated with forward deployed engineers: translating complex technical capabilities into real-world outcomes, solving customer challenges in real time, and serving as a critical bridge between product teams and end users. At the center of this evolution is a customer-first mindset - one that prioritizes listening, adaptability, and long-term partnership. As organizations race to innovate, the companies that stand out will be those that remain deeply focused on customer needs while empowering technical teams to operate beyond traditional role boundaries.
This segment is sponsored by Saviynt. Learn more or get a free demo at https://securityweekly.com/saviyntidv
Identiverse Interview with Kim Brown from LexisNexis
Stop Identity Fraud: Modern Strategies for Insurance and Healthcare
Identity fraud is growing more sophisticated across both insurance and healthcare, making identity management a critical line of defense. In this executive interview, Kim Brown, VP of Product Management, will explore how organizations can strengthen identity verification, authentication, and risk assessment to reduce fraud while improving user experiences. The discussion will highlight emerging threats, evolving regulatory expectations, and practical strategies for deploying identity solutions at scale. Attendees will gain actionable insights to protect customers, patients, and their organizations without adding friction.
This segment is sponsored by LexisNexis Risk Solutions. Visit https://securityweekly.com/lexisnexisidv to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-467Mastering agent permissions and Identiverse interviews - Howard Ting, Ajay Gupta, Sandy Bird, Amir Ofek - ESW #466
2026/07/06 | 1h 17 mins.Interview with Sandy Bird, co-founder of Sonrai Security
In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints.
Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them.
This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them!
Segment Resources
AWS Bedrock agent permissions: what you need to lock down before you go live
Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome
Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents.
The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities.
It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle.
Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates.
Download the SANS AI Security Maturity Model eBook
This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them!
The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security
A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested.
https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access
This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them!
Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG
Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance.
This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-466Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465
2026/06/29 | 1h 40 mins.Interview with Adriel Desautels - the pentest is broken
Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it.
Segment Resources:
https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity
https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag
https://netragard.com/blog/what-is-penetration-testing/
Topic: Why Meta is destroying its engineering organization
The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering
A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below.
This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues.
'Tell Him He's a Piece of Shit': Meta's New AI Unit Is a Total Mess
The Newest Instagram "Exploit" is the Goofiest I've Seen
Meta CTO Andrew Bosworth Admits the Company's AI Reorg Was 'Atrocious'
Meta's months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it
The Weekly Enterprise News
Finally, in the enterprise security news,
an AI vibe check
An AI SOC vendor shuts down
Cybersecurity vendor layoffs
funding & acquisitions
cascading breaches
digital estate management
criminals don't trust AI either
some devs won't code without AI, even if you pay them to
Midjourney is now a healthcare company?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-465Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464
2026/06/22 | 1h 37 mins.Interview with Ankita Gupta, CEO of Akto
How to Navigate Shadow AI Risk in the enterprise
This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options?
Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace.
Segment Resources:
Website: https://www.akto.io
Book a Free Demo: https://www.akto.io/agentic-security-demo
LinkedIn: https://www.linkedin.com/company/akto-io
YouTube: https://www.youtube.com/@aktodotio
This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do.
Topic Segment: Verizon's Breach Impact Study
The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims!
Some of my favorite insights:
Cost of breaches, broken out by SMB, mid-sized enterprise, and large
The claim amount as a percentage of the company's revenue
Losses broken down by loss TYPE
This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc.
With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled.
Security failures aren't getting any cheaper.
Weekly Enterprise News
Finally, in the enterprise security news,
A $100M seed round!
Accenture acquires 3 security vendors
Some thoughts on the government takedown of Fable and Mythos
One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams!
A Critical Copilot vulnerability
75,000 Fortinet Firewalls get compromised
Remediation is broken
Using guardrails to evade detection
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-464Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463
2026/06/15 | 1h 31 mins.Interview with Shiva Pillay from Veeam
Safe AI at Scale
AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data.
This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them!
Segment resources:
Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness
Topic: Sure, we know how initial access works, but what about lateral movement?
A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it.
Segment Resources:
Link to report page
Weekly Enterprise Security News
Finally, in the enterprise security news,
Funding and acquisitions
Good news, Mythos isn't dangerous anymore!
An excellent breach analysis
Cyber insurance rates are dropping, but there's a catch
CISA updates vulnerability remediation guidance
Zoom calls are worse than you think, and maybe not for the reasons you think
Remember when it was illegal to rip DVDs?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-463
More Education podcasts
Trending Education podcasts
About Enterprise Security Weekly (Audio)
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
Podcast websiteListen to Enterprise Security Weekly (Audio), The Daily Stoic and many other podcasts from around the world with the radio.net app

Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features


Enterprise Security Weekly (Audio)
Scan code,
download the app,
start listening.
download the app,
start listening.


























