Security Weekly Podcast Network (Audio)

Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus on actions can be more effective than roles. One of the biggest challenges in securing agents along with all of the other identities that organizations manage is how fragmented that management has become. But a unified engineering view of identities is just a start. Once you're able to shift to a practice where access is granted based on attributes and limited durations, then your environment becomes more resilient to mistakes and unexpected actions, not to mention the security concerns that come with agents acting on their own.
Who Is Responsible for an AI Agent's Actions? As AI agents gain the ability to access systems, invoke tools, and take action on behalf of users, organizations need clear frameworks that define responsibility for machine-driven decisions and outcomes. This segment examines how accountability, delegation, and attribution can be established across users, developers, security teams, and business stakeholders. Neha will explore how governance models support transparent, auditable agent-driven workflows while helping organizations manage risk and maintain trust.
This segment is sponsored by P0 Security. Visit https://securityweekly.com/p0idv to learn more about them!
The rapid rise of agentic AI and non-human identities is fundamentally reshaping the future of identity security, challenging traditional IAM and PAM models built around predictable human behavior. In this executive interview at Identiverse 2026, Amit Masand discusses how autonomous systems, AI agents, and machine identities are creating new operational and governance challenges for modern enterprises. Drawing from more than two decades of industry experience, the conversation explores the growing complexity of continuous governance in a world where identities increasingly operate at machine speed.
Segment Resources: https://www.idmexpress.com/post/preventing-cybersecurity-incidents-through-managed-services https://www.idmexpress.com/post/cyberark-securing-aws https://www.idmexpress.com/post/turning-roadblocks-into-breakthroughs-a-custom-oracle-pam-integration-story
Contact IDMEXPRESS! Secure Your Tomorrow, Today: https://securityweekly.com/idmidv
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-388

Interview with Ankita Gupta, CEO of Akto
How to Navigate Shadow AI Risk in the enterprise
This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options?
Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace.
Segment Resources:
Website: https://www.akto.io
Book a Free Demo: https://www.akto.io/agentic-security-demo
LinkedIn: https://www.linkedin.com/company/akto-io
YouTube: https://www.youtube.com/@aktodotio
This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do.
Topic Segment: Verizon's Breach Impact Study
The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims!
Some of my favorite insights:
Cost of breaches, broken out by SMB, mid-sized enterprise, and large
The claim amount as a percentage of the company's revenue
Losses broken down by loss TYPE
This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc.
With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled.
Security failures aren't getting any cheaper.
Weekly Enterprise News
Finally, in the enterprise security news,
A $100M seed round!
Accenture acquires 3 security vendors
Some thoughts on the government takedown of Fable and Mythos
One of the craziest security mistakes I’ve ever seen, in the software FIFA uses to manage World Cup streams!
A Critical Copilot vulnerability
75,000 Fortinet Firewalls get compromised
Remediation is broken
Using guardrails to evade detection
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-464

Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more.
Segment Resources:
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Show Notes: https://securityweekly.com/swn-591

In the security news this week:
GPS spoofing and satellite jamming are getting way too accessible
Rekeying satellites in orbit sounds terrifying
Cyber extortion and whether criminals still have ethics
AI helping cybersecurity research... and drug discovery
Data centers eating regional power grids
Nuclear, solar, natural gas, and the future of AI infrastructure
What happens when GPS stops being trustworthy?
Satellite constellations as the next critical infrastructure target
AI guardrails and why sci-fi warned us first
Cyber ranges that don't simulate reality anymore
The weird morality line between hackers, scammers, and criminals
Future satellite warfare without calling it warfare
Security standards for infrastructure nobody thought would be online
Historical cybersecurity stories that suddenly feel very current
Why AI changes both offense and defense simultaneously
And how much of modern cyber defense is just educated guessing
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-931

The browser has become the primary gateway to work, data, and AI. In this episode, Arunesh Chandra, Head of Product, Microsoft Edge for Business at Microsoft Edges for Business, will discuss why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. Arunesh cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption.
This segment is sponsored by Microsoft Edge for Business. Visit https://securityweekly.com/edgeforbusiness to learn more about them!
In the leadership and communications segment, CISO role changes as cyber-risk appetites in the C-suite grow, AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!, 6 Ways Leaders Harness Stress, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-452