Enterprise Security Weekly (Audio)

Interview with Shiva Pillay from Veeam
Safe AI at Scale
AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data.
This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them!
Segment resources:
Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness
Topic: Sure, we know how initial access works, but what about lateral movement?
A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it.
Segment Resources:
Link to report page
Weekly Enterprise Security News
Finally, in the enterprise security news,
Funding and acquisitions
Good news, Mythos isn't dangerous anymore!
An excellent breach analysis
Cyber insurance rates are dropping, but there's a catch
CISA updates vulnerability remediation guidance
Zoom calls are worse than you think, and maybe not for the reasons you think
Remember when it was illegal to rip DVDs?
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-463

Interview with Filip Stojkovski on the State of AI in SecOps
Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections.
Segment Resources:
Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership
Topic: The Unintended Consequences of Vulnmaxxing
We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation.
There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind.
The Weekly Enterprise News
Finally, in the enterprise security news,
If you were starting a cybersecurity company today, which category would you pick?
layoffs
funding
the White House AI executive order
OpenAI's frontier governance framework
Anthropic's Zero Trust for AI agents guide
IBM's vulnmaxxing efforts
RICO as a service for job seekers
Instagram had possibly the most embarrassing hack ever
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-462

Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses.
Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach.
Topic
For this week's topic segment, we've got two very interesting data sources.
The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings.
The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter.
Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here).
The Weekly Enterprise News
Finally, in the enterprise security news,
Less funding, more acquisition
the AI SOC startup space is CROWDED
your CEO is suffering from AI psychosis
Some CISOs are done with the job, IT can have it
detecting and removing dangerous secrets from dev workstations
230,000 security advisories roll up to 6 attacker behaviors
The FBI's 2025 IC3 report is out
When tech billionaires make predictions, they're actually sales pitches
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-461

Interview with Rob Allen from Threatlocker
This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.
Topic: Do the basics, they said. Easier said than done.
Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.
The weekly enterprise news
Finally, in the enterprise security news,
a really interesting vibe check
funding
acquisitions
the verizon DBIR
we give a tutorial on how to leak AWS keys on github
OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
agents versus agents
exploitbench
the vulnpocalypse
robot dogs are SO EASY to take out, we don't need to be too scared of them yet
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-460

Interview with Dimitri Sirota from BigID
Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework.
Segment Resources:
BigID's Agent Access Management Guide
BigID's podcast, CTRL + ALT + AI
This Week's Topic: Cascading Breaches
We're seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend:
How we can stop the chain of breaches from a third party library, vendor, or service provider
How this might get handled at the legal, contractual, and organizational levels
We discuss two big recent examples:
Sonicwall's 2025 breach of their cloud firewall configuration backup service
The compromise of Aqua Security's widely used Trivy open source tool
The Weekly Enterprise News
Finally, in the enterprise security news,
Funding and M&A courtesy of the Security, Funded newsletter
We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this)
The Angry admin problem emerges again
Vulnerability information is getting crazy to keep up with
Breach information is getting crazy to keep up with
You can give your Agents an allowance now - don't spend it all in one place
Are vulnerabilities sparse or dense?
Mythos, as a model, isn't all that special
Deploy your own deception sensors!
Japan made something weird. Again.
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-459