Security Weekly Podcast Network (Audio)

What happens when secure coding guidance goes stale? What happens LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups.
One of the themes of this conversation is how important documentation is, whether it's intended for humans or for prompts to LLMs. Importantly, LLMs don't innovate on their own -- they rely on the data they're trained on. And that means there should be good authoritative sources for what secure code looks like. It also means that instructions to LLMs need to be clear and precise enough to produce something useful. Watch what happens when Mark prompts his agents to run a live demo for us!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-374

Interview with Jeremy Snyder from FireTail about AI Governance
Death by a thousand cuts: the AI shadow IT problem
I think the best description of the AI governance problem during this interview was the title of the award-winning movie, Everything, Everywhere, All At Once. Generative AI has been disrupting businesses, products, and vendor risk management for a few years now. FireTail is one of the companies trying to address this problem for enterprises, so we check in with Jeremy Snyder to see how things are going.
Segment 1 Resources:
https://www.firetail.ai/ai-breach-tracker
Interview with Allie Mellen about her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield
We're VERY excited to check out Allie's new book, which will be released on St. Patrick's Day 2026! The timing could not be better, as her book is perfectly positioned to provide some much needed perspective on the cyber aspects of the ongoing war in Iran.
Is it normal to see the use of wipers on healthcare companies in the midst of the conflict? Is there any precedent for hyperscaler datacenters getting targeted (some of AWS's EMEA regions are still recovering)? Check out the conversation to find out!
Pick up the book!
from Wiley
from Barnes & Noble
from Amazon
Allie's personal website
The Weekly Enterprise News
Finally, in the enterprise security news,
Vibes and funding!
Starting to see some disruption in the vuln mgmt space (finally!)
Tons of new free tools
lots of essays
lots of reports
logs of breaches
the talks our hosts are giving at RSAC conference
and someone is selling an actual cone of silence???
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-450

This episode is all about trust getting abused at scale.
We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft.
Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’s transactions in-app, a straight confidentiality failure, not “someone hacked my phone”.
From there it’s the Middle East conflict exposing what “cloud resilience” really means when the problem isn’t cyber, it’s physical disruption and dependency chains. Then Meta’s takedown of 150,000 scam-linked accounts shows the fraud supply chain is still running hot, and the platforms are now part of the battleground whether they like it or not.
The Microsoft story is the one to watch: a critical Excel bug that turns Copilot Agent into a zero-click data leak path. And the AI agent theme keeps going with Context7: attackers slipping instructions into “helpful” context and getting agents to do dumb, destructive things on their behalf.
We finish with Stryker having the worst day with a major outage, disputed claims, and a reminder that if your management plane gets hit, you can lose the whole estate fast. Look at Intune.
No hype. Just the stuff that actually breaks systems, me talking too fast, which to be honest 'slow' is why I turn most podcasts off.
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-563

In the security news this week:
The XZ backdoor documentary
Zero days - the clock isn't ticking
Vulnerability Mis-Management
Reversing traffic light controllers
Reversing with Claude
Don't curl to bash!
Reading CVEs makes my head hurt
Dumping browser secrets
I open-sourced a new(ish) tool
D-LINK exploits
There is no password
I control the building
When old vulnerabilities become new
Tile is for stalkers
Hacking AI
Iran War: What cybersecurity needs to know
National cyber strategy
Coruna
I got phished and I want a refund
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-917

AI has created a dilemma for security teams. Attackers are using AI to develop exploits to newly disclosed vulnerabilities faster than security teams can patch them. Security teams have not fully leveraged the capabilities of AI to autonomously prevent these attacks. Without a radical change in approach, organizations will be exposed to an exponentially increasing attack surface. How long can your organization tolerate being exploitable?
Myke Lyons, CISO at Cribl, joins Business Security Weekly to discuss why organizations need to embrace AI to understand the behavior of attacks to effectively prevent them. For decades, we've focused on the Indicators of Compromise (IoCs) and have played whack-a-mole to try and patch them. Instead, we should focus on the Tactics, Techniques, and Procedures (TTPs) and leverage LLMs to understand the behavior of the attack. Once we understand the behaviors, we can implement preventative controls to minimize exposure. And yes, AI can also help us automate patching, when we're ready to trust it.
In the leadership and communications segment, Your Risk Tolerance Has Changed. Does Your Leadership Team Know That? , The New Leadership Structures that Unblock Innovation, How CISOs can build a resilient workforce, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-438