Security Weekly Podcast Network (Audio)

We showcase recordings from this year's RSAC.
At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026.
Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what’s different or special about securing agent identities.
We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike.
Segment Resources:
https://genai.owasp.org
https://genai.owasp.org/resources/
https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381
This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-384

Interview with Rob Allen from Threatlocker
This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls.
Topic: Do the basics, they said. Easier said than done.
Guillaume and Adrian discuss the futility of attempting to do all the foundational work standards, best practices, and regulations expect of organizations. Adrian has given up. Fortunately, Guillaume has some excellent advice and hope to share on this front.
The weekly enterprise news
Finally, in the enterprise security news,
a really interesting vibe check
funding
acquisitions
the verizon DBIR
we give a tutorial on how to leak AWS keys on github
OH NEVERMIND, SOMEONE AT CISA ALREADY MADE THE TUTORIAL
agents versus agents
exploitbench
the vulnpocalypse
robot dogs are SO EASY to take out, we don’t need to be too scared of them yet
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-460

TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-583

In the security news this week:
FCC router bans and the hidden firmware update problem
Why extending support timelines actually improves security
Github supply chain concerns and the evolving SBOM ecosystem
CRA and NIS2 compliance deadlines are getting very real
The EU Cyber Resilience Act’s 24-hour vulnerability disclosure requirement
Security regulation: vertical vs horizontal compliance models
Vehicle-to-load EV systems powering homes during outages
Solar, batteries, AI farms, and the future economics of electricity
Data centers consuming regional power grids
BitLocker “Yellow Key” fallout and large-scale remediation challenges
AI-generated PowerShell fixes and the rise of vibe scripting
Linux kernel exploits, module jail, and default deny strategies
Medical biometric data theft and why fingerprints are terrible passwords
Interpol cybercrime operations across the MENA region
OT security, connected vehicles, and accepting real-world risk
The crew also discusses threat intelligence obligations under the CRA, the operational realities of patching at enterprise scale, the economics of secure-by-default systems, and why making security cheaper than insecurity might finally move the industry forward.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-927

Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect a -7 day vulnerability? Detection and response cannot keep, so what's the answer?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss why cybersecurity is shifting from detection and response to prevention and enforcement. As attackers accelerate through automation and AI, organizations are revisiting prevention-focused controls. Rob will discuss why organizations need to adopt application allowlisting, Zero Trust, Ringfencing, and policy enforcement to reduce attacker freedom before execution occurs. Prevention-first security is the only way to decrease the AI attack surface.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, What CISOs need to land a board role, The Security Mistakes Being Repeated With AI, When Senior Leaders Lack People Skills, Transformations Fail, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-448