Resilient Cyber: Ravid Circus - Tackling the Prioritization Crisis in Cyber
In this episode, we sit down with the Co-Founder and CPO of Seemplicity, Ravid Circus, to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management.We dove into a lot of great topics, including:The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity’s Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7% of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - and organizations struggle with this, even with the context of what to prioritize.There’s a lot of excitement around AI in Cyber, including in GRC, SecOps, and, of course, AppSec and vulnerability management. How do you discern between what is hype and what can provide real outcomes?What practical steps can teams take to bridge the gap between AI’s ability to find problems and security teams’ ability to fix them?One of the major issues is determining who is responsible for fixing findings in the space of Remediation Operations, where Seemplicity specializes. Ravid talks about how, both technically and culturally, Seemplicity addresses this challenge of finding the fixer.What lies ahead for Seemplicity this year with RSA and beyond
--------
23:02
Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords
In this episode, we sit down with Varun Badhwar, Founder and CEO of Endor Labs, to discuss the state of AI for AppSec and move beyond the buzzwords. We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale.Varun and I dove into a lot of great topics, such as:The rise of GenAI and LLMs and their broad implications on CybersecurityThe dominant use case of AI-driven development with Copilots and LLM written code, leading to a Developer productivity boost. AppSec has struggled to keep up historically, with vulnerability backlogs getting out of control. What will the future look like now?Studies show that AI-driven development and Copilots don’t inherently produce secure code, and frontier models are primarily trained on open source software, which has vulnerabilities and other risks. What are the implications of this for AppSec?How can AppSec and Cyber leverage AI and agentic workflows to address systemic security challenges? Developers and attackers are both early adopters of this technology.Navigating vulnerability prioritization, dealing with insecure design decisions and addressing factors such as transitive dependencies.The importance of integrating with developer workflows, reducing cognitive disruption and avoiding imposing a “Developer Tax” with legacy processes and tooling from security.
--------
26:44
Resilient Cyber w/ Jit - Agentic AI for AppSec is Here
In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team. We discussed Agentic AI for AppSec and how security teams use it to get real work done.We covered a lot of key topics, including:What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers.The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of investment and excitement.How the prior wave of AppSec tooling was focused on findings problems, riding the wave of shift left but how this has led to alert fatigue and overload, and how the next-era of AppSec tools will need to focus on not just finding but actually fixing problems.Some of the unique capabilities and features the Jit team has been working on, such as purpose-built agents in areas such as SecOps, AppSec and Compliance, as well as context-graphs with organizational insights to drive effective remediation.The role of Agentic AI and how it will help tackle some of the systemic challenges in the AppSec industry.Addressing concerns around privacy and security when using AI, by leveraging offerings from CSPs and integrating guardrails and controls to mitigate risks.
We sit with Lasso Security CEO and Co-Founder Elad Schulman in this episode.Lasso focuses on secure enterprise LLM/GenAI adoption, from LLM Applications, GenAI Chatbots, Code Protection, Model Red Teaming, and more. Check them out at https://lasso.securityWe dove into a lot of great topics, such as:Dealing with challenges around visibility and governance of AI, much like previous technological waves such as mobile, Cloud, and SaaSUnique security considerations for different paths of using and building with AI, such as self-hosted models and consuming models as-a-service from SaaS LLM providersPotential vulnerabilities and threats associated with AI-driven development products such as Copilots and Coding assistantsSoftware Supply Chain Security (SSCS) risks such as package hallucinations, and both safeguarding the data that goes out to external coding tools, as well as secure consumption of the data coming into the organizationSecuring AI itself and dealing with risks and threats such as model poisoning and implementing model red teamingLasso discovered several critical concerns in their AI security research, such as Microsoft’s Copilot exposing thousands of private GitHub repos
In this episode, we sit down with Piyush Sharrma, CEO and co-founder of the Tuskira team. They're an AI-powered defense optimization platform innovating around leveraging an Agentic Security Mesh.We will dive into topics such as Platform vs. Point Solutions, Security Tool Sprawl, Alert Fatigue, and how AI can create "intelligent" layers to unify and enhance security tooling ROI.We discussed:What drove Piyush to jump back into the startup space after successfully exiting from a previous startup he helped foundThe industry debate around Platform vs. Point Solutions or Best-of-Breed and the perspectives between industry industry leaders and innovative startupsDealing with the challenge of alert fatigue security and development teams and the role of AI in reducing cognitive overload and providing insight into organizational risks across tools, tech stacks, and architecturesThe role of AI in providing intelligence layers or an Agentic Security Mesh across existing security tools and defenses and mitigating organizational risks beyond isolated vulnerability scans by looking at compensating controls, configurations, and more.Shifting security from a reactionary model around incident response and exploitation to a preemptive risk defense model that minimizes attack surface and optimizes existing security investments and architectures
Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.
Listen to Resilient Cyber, The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and Analysis and many other podcasts from around the world with the radio.net app
South Africa