Enterprise Security Weekly (Audio)

Interview with Dimitri Sirota from BigID
Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework.
Segment Resources:
BigID's Agent Access Management Guide
BigID's podcast, CTRL + ALT + AI
This Week's Topic: Cascading Breaches
We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend:
How we can stop the chain of breaches from a third party library, vendor, or service provider
How this might get handled at the legal, contractual, and organizational levels
We discuss two big recent examples:
Sonicwall's 2025 breach of their cloud firewall configuration backup service
The compromise of Aqua Security's widely used Trivy open source tool
The Weekly Enterprise News
Finally, in the enterprise security news,
Funding and M&A courtesy of the Security, Funded newsletter
We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this)
The Angry admin problem emerges again
Vulnerability information is getting crazy to keep up with
Breach information is getting crazy to keep up with
You can give your Agents an allowance now - don't spend it all in one place
Are vulnerabilities sparse or dense?
Mythos, as a model, isn't all that special
Deploy your own deception sensors!
Japan made something weird. Again.
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-459

The Weekly Enterprise News
This week, in the enterprise security news,
Copy Fail
The hits keep coming for CVE, NIST and NVD
Cyber attacks on breathalyzers
insurance carriers pulling support for AI
Florida Man pleads guilty
ignore the humanities at your own peril
offense and defense don't scale the same
is it okay to be left behind?
scientists gave cocaine to salmon
Mind the Gap: Confidence, AI, and the Future of Exposure Management
Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality.
Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac.
Modern Phishing Attacks Are Under Multi-Channel Siege
Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past.
This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them!
AI is Now Default Enterprise Accelerator
The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection.
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-458

Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About
Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate.
The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged assets like IoT and OT.
The bottom line: PQC migration is unavoidable. Starting early—especially with crypto inventory and planning—will make the transition far less painful.
RSAC Interview: Multi-Channel Impersonation: Why Legacy Controls Are Failing
As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He'll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today.
Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach.
RSAC Interview: OT: Segmented Today, Breached Tomorrow
As the worlds of IT and OT converge, traditional network segmentation falls short, exposing risks in the critical environments that keep energy flowing and shelves stocked. Conventional security tools fail to identify these gaps, with serious repercussions for operators. At runZero, we empower defenders to win by default through comprehensive discovery, rapid detection of critical exposures, and unique segmentation analysis that does not depend on span ports, credentials, or on-device agents. runZero provides real-time insights into even the most sensitive environments — quickly, safely, and securely.
This segment is sponsored by runZero. Visit https://securityweekly.com/runzerorsac to learn more about them!
RSAC Interview: Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI
The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents.
Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac.
RSAC Interview: The Threat Curve Has Reset: Why AI Made "Solved" Attacks Dangerous Again
AI hasn't just evolved cyberattacks—it has reset the threat curve entirely. New research shows that even "solved" problems like phishing and business email compromise are immature and dangerous again, with attackers using AI and autonomous agents to launch hyper-personalized, multi-channel attacks at scale. This session explores what Phishing 3.0 really means for security leaders—and why defending trust now requires a fundamentally new approach.
This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/IRONSCALESrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-457

Rethinking Security from the OS Up in the Age of AI
Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures.
She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source.
The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries.
Segment Resources:
https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078
​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction.
This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!
Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control.
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them!
Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise.
See it in action. Request a demo at https://securityweekly.com/resiliencersac.
Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM.
This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-456

Interview with Jim Spignardo
What does it take to build AI workflows that work? Why do so many fail?
Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim.
He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures.
Segment Resources:
https://www.proarch.com/
Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise
RSAC Exec Interviews, Part 1
Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report
Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond.
This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them!
X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents
Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence.
Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac.
RSAC Exec Interviews, Part 2
Introducing Legion Investigator: Goal-Oriented AI Investigations
Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst.
This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them!
The Missing Layer in Zero Trust: The Security Policy Control Plane
Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves.
This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-455