Enterprise Security Weekly (Audio)

Adrian Sanabria

482 episodes

  • Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    2026/06/22 | 1h 37 mins.
    Interview with Ankita Gupta, CEO of Akto
    How to Navigate Shadow AI Risk in the enterprise
    This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options?
    Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace.
    Segment Resources:
    Website: https://www.akto.io
    Book a Free Demo: https://www.akto.io/agentic-security-demo
    LinkedIn: https://www.linkedin.com/company/akto-io
    YouTube: https://www.youtube.com/@aktodotio
    This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do.
    Topic Segment: Verizon's Breach Impact Study
    The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims!
    Some of my favorite insights:
    Cost of breaches, broken out by SMB, mid-sized enterprise, and large
    The claim amount as a percentage of the company's revenue
    Losses broken down by loss TYPE
    This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor frustrated by companies "not taking security seriously enough" now has data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc.
    With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled.
    Security failures aren't getting any cheaper.
    Weekly Enterprise News
    Finally, in the enterprise security news,
    A $100M seed round!
    Accenture acquires 3 security vendors
    Some thoughts on the government takedown of Fable and Mythos
    One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams!
    A Critical Copilot vulnerability
    75,000 Fortinet Firewalls get compromised
    Remediation is broken
    Using guardrails to evade detection
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-464
  • Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

    2026/06/15 | 1h 31 mins.
    Interview with Shiva Pillay from Veeam
    Safe AI at Scale
    AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data.
    This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them!
    Segment resources:
    Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness
    Topic: Sure, we know how initial access works, but what about lateral movement?
    A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victims' environments and how they're doing it.
    Segment Resources:
    Link to report page
    Weekly Enterprise Security News
    Finally, in the enterprise security news,
    Funding and acquisitions
    Good news, Mythos isn't dangerous anymore!
    An excellent breach analysis
    Cyber insurance rates are dropping, but there's a catch
    CISA updates vulnerability remediation guidance
    Zoom calls are worse than you think, and maybe not for the reasons you think
    Remember when it was illegal to rip DVDs?
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-463
  • The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    2026/06/08 | 1h 37 mins.
    Interview with Filip Stojkovski on the State of AI in SecOps
    Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections.
    Segment Resources:
    Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership
    Topic: The Unintended Consequences of Vulnmaxxing
    We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much-needed new revenue stream for the AI giant with a trillion-dollar valuation.
    There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind.
    The Weekly Enterprise News
    Finally, in the enterprise security news,
    If you were starting a cybersecurity company today, which category would you pick?
    layoffs
    funding
    the White House AI executive order
    OpenAI's frontier governance framework
    Anthropic's Zero Trust for AI agents guide
    IBM's vulnmaxxing efforts
    RICO as a service for job seekers
    Instagram had possibly the most embarrassing hack ever
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-462
  • Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

    2026/06/01 | 1h 37 mins.
    Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses.
    Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach.
    Topic
    For this week's topic segment, we've got two very interesting data sources.
    The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings.
    The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter.
    Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here).
    The Weekly Enterprise News
    Finally, in the enterprise security news,
    Less funding, more acquisition
    the AI SOC startup space is CROWDED
    your CEO is suffering from AI psychosis
    Some CISOs are done with the job, IT can have it
    detecting and removing dangerous secrets from dev workstations
    230,000 security advisories roll up to 6 attacker behaviors
    The FBI's 2025 IC3 report is out
    When tech billionaires make predictions, they're actually sales pitches
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-461
  • Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460

    2026/05/25 | 1h 44 mins.
    Interview with Rob Allen from ThreatLocker
    This week, Rob Allen from ThreatLocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real-world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.
    Topic: Do the basics, they said. Easier said than done.
    Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.
    The weekly enterprise news
    Finally, in the enterprise security news,
    a really interesting vibe check
    funding
    acquisitions
    the Verizon DBIR
    we give a tutorial on how to leak AWS keys on GitHub
    OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
    agents versus agents
    exploitbench
    the vulnpocalypse
    robot dogs are SO EASY to take out, we don't need to be too scared of them yet
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-460
About Enterprise Security Weekly (Audio)
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co-hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.