Security You Should Know

In this episode, Grant Oviatt, vp of product and co-founder at Prophet Security, explains how his platform deploys AI agents to investigate and respond to alerts the way a skilled analyst would, using REST API integrations across existing security tools rather than absorbing all your data into another SIEM. Joining him are Will Gregorian, CISO at Galileo Medical, and Howard Holton, CEO at GigaOm.

Want to know:

Why are AI-powered SOC tools adding to analyst frustration rather than reducing it?
When an AI agent makes a bad call on an investigation, who actually owns that failure?
How does Prophet Security's audit trail let you trace every query, piece of evidence, and reasoning step an agent used?
Why is Prophet Security using frontier models rather than training its own, and how does security-specific context change the outcome?
What does giving an AI agent remediation authority look like in practice, and where does Prophet Security draw the line?
How long does it realistically take to go from contract to running Prophet Security against live alerts?

Check out the episode for the answers you need.

Huge thanks to our episode sponser, Prophet Security

Prophet AI is an Agentic AI SOC Platform that investigates and responds with context, shows its reasoning, and elevates every part of your SOC. Prophet AI SOC Analyst investigates and responds to alerts in minutes; Threat Hunter streamlines threat hunts with a natural language interface; and Detection Advisor provides insights on detection quality and coverage.

In this episode, Venkat Siva, co-founder and CEO at CompFly AI, explains how his platform gives security, engineering, and business teams a control plane for autonomous AI agents across their full lifecycle. CompFly discovers agents, assigns each one a verifiable distributed identity, runs adversarial and safety simulations before launch, enforces deterministic policies at runtime through a gateway, and produces immutable audit logs for compliance teams after the fact. Joining him are Mike Lockhart, CISO at EagleView, and Gary Chan, System VP and CISO at SSM Health.
Huge thank you to our sponsor, CompFly AI
CompFly is the control plane for the agentic enterprise. We make autonomous AI agents governable at scale discovering them, evaluating their risk, and enforcing real-time guardrails before execution. Enterprises deploy CompFly to move agents from sandbox to production with the evidence trail their boards/management require.

In this episode, Nico Waisman, CISO at XBOW, explains how XBOW uses autonomous AI agents to run continuous, incremental penetration testing without triggering false-positive avalanches or taking down production systems. Joining him are Jacob Combs, CISO at Tandem Diabetes Care, and Davi Ottenheimer, president at Flying Penguin.
Want to know:
Why can't traditional pen tests keep up with modern attack surfaces?
How XBOW's attack credit model maps to the way security teams already size testing effort?
What stops an autonomous pen testing agent from causing real damage in production?
How incremental testing works when a new pull request changes the application?
Where XBOW is headed on prompt injection and LLM-specific vulnerabilities?
How you audit what the AI actually did during an assessment?
What novel vulnerability chains are emerging as AI reasoning models get more capable?
Check out the episode for the answers you need.
Huge thanks to our sponsor, XBOW

In this episode, Cassio Goldschmidt, co-founder and CTO at Reflex Security, explains how Reflex replaces static, script-driven tabletops with adaptive AI-driven simulations that fight back, measure real human behavior under pressure, and surface the gaps that scripted exercises never reach. Joining him are Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show, and Jay Wilson, CISO and CIO at Insurity.
Want to know:
Why do traditional tabletops train teams to know the plan rather than execute under pressure?
What's the difference between a team that panics and a team that chokes, and why does it matter?
How does Reflex use AI agents to adapt the simulation based on what the team actually does?
Can you run separate tabletops for technical, legal, and executive audiences without multiplying the workload?
Is there a risk that security leaders optimize for the AI's score rather than genuine preparedness?
How does an AI agent joining a video conference change the way a tabletop runs?
How hard should training be relative to the real thing?
Check out the episode for the answers you need.
Huge thanks to our sponsor, Reflex Security

Most tabletop exercises are static, predictable, and easy to pass. Reflex Security built the first tabletop that fights back, throwing teams into dynamic simulations against intelligent AI adversaries that adapt to your every move. With Reflex, your team can move from checkbox exercises to real crisis readiness.

In this episode, Ryan Lloyd, Chief Product Officer at Guardsquare, explains how the platform combines code obfuscation, runtime integrity checks, and real-time threat monitoring to secure mobile apps at the binary level, integrated directly into the CI/CD pipeline. Joining him are TC Niedzialkowski, Head of IT & Security at Opendoor, and Montez Fitzpatrick, CISO at Navvis.

Want to know:

Why does organizational apathy around mobile app security persist even as mobile becomes the primary customer channel?
What's the difference between app integrity and code integrity, and why does it matter for defending against repackaging attacks?
How does obfuscation function as a real security control rather than just security through obscurity?
How does Guardsquare fit into the CI/CD pipeline, and what does the actual build overhead look like for development teams?
What API and webhook capabilities exist for routing threat monitoring data into your existing security stack?
How does Guardsquare's mobile app attestation model bind server-side APIs to verified legitimate app instances — and why does that matter for stopping bots and credential theft?
Huge thanks to our sponsor, Guardsquare

Guardsquare delivers mobile app security without compromise, providing advanced protections for both Android and iOS apps. From app security testing to code hardening to real-time visibility into the threat landscape, Guardsquare solutions provide enhanced mobile application security from early in the development process through publication. Learn more about how to protect your app at Guardsquare.com.