Enterprise Security Weekly (Audio)

Adrian Sanabria

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.

  1. 5d ago

    Hungry? We talk Smoked Meat, Poutine, and Bagel - also, Identiverse Interviews! - John Pritchard, Cassie Christensen, Jaime Lewis-Gross, François Proulx, Kim Brown - ESW #467

    Interview with François Proulx from Boost Security Software Supply Chain Security: Build Pipeline (CI/CD) Exploitation Boost Security is the creator of some very popular build pipeline security tools, like Bagel and Poutine. Today, we discuss their latest tool, Smoked Meat. They describe it as "Like Metasploit, but for CI/CD pipelines". Segment Resources: Smoked Meat announcement Smoked Meat github Smoked Meat demo with Guillaume and François Identiverse Interview with Dr. John Prichard from Radiant Logic The Three Identity Problem: Surviving Identity Security's Chaotic Era Identity security has entered its chaotic era. Human, non-human, and agentic AI identities no longer just coexist. They form an uncontrolled inheritance chain in which a human creates an agent, the agent spins up service principals, OAuth grants, and role assignments, and that whole chain keeps running long after the human changes roles or leaves. Most of these chains are being spawned by business users on low-code and enterprise AI platforms, outside traditional identity controls and largely invisible to security. In this segment, Radiant Logic CEO Dr. John Pritchard joins us to unpack why this is no longer a visibility problem. It is an observability problem. And it is shifting the center of gravity in identity security from authentication to authorization. Listeners will leave with a clearer view of where their current IAM, IGA, and NHI programs fall short, and a practical lens for governing the rapidly expanding population of AI agents already inside their environments. To go deeper on what John discussed today, watch Radiant Logic's on-demand webinar Identities Under Attack: How Adversaries Exploit the Human-Machine-Agent Divide at https://securityweekly.com/radiantlogicidv. Identiverse Interview with Cassie Christensen from Saviynt Everyone Wants an AI Assistant. Few Are Ready to Govern One Explore a growing reality many professionals can relate to: the appeal of using AI agents to handle the work that keeps piling up - from inbox management to research and logistics - and the governance challenges that quickly follow. The real barrier to scaling personal or enterprise AI agents isn't the technology itself, but defining clear roles, access boundaries, oversight, and lifecycle management. As organizations deploy more autonomous AI agents, the same identity frameworks used to govern workforce and non-employee identities must now evolve to manage AI-driven access before scale and risk outpace control. This segment is sponsored by Saviynt. Learn more or get a free demo at https://securityweekly.com/saviyntidv Identiverse Interview with Jaime Lewis-Gross from Saviynt From Sales Engineer to Forward Deployed Engineer: The Rise of Hybrid Technical Roles As technology organizations evolve, technical roles are becoming increasingly fluid - particularly at the intersection of product, engineering, and customer success. This conversation explores what it means to be a modern sales engineer and how the role is increasingly expanding into responsibilities often associated with forward deployed engineers: translating complex technical capabilities into real-world outcomes, solving customer challenges in real time, and serving as a critical bridge between product teams and end users. At the center of this evolution is a customer-first mindset - one that prioritizes listening, adaptability, and long-term partnership. As organizations race to innovate, the companies that stand out will be those that remain deeply focused on customer needs while empowering technical teams to operate beyond traditional role boundaries. This segment is sponsored by Saviynt. Learn more or get a free demo at https://securityweekly.com/saviyntidv Identiverse Interview with Kim Brown from LexisNexis Stop Identity Fraud: Modern Strategies for Insurance and Healthcare Identity fraud is growing more sophisticated across both insurance and healthcare, making identity management a critical line of defense. In this executive interview, Kim Brown, VP of Product Management, will explore how organizations can strengthen identity verification, authentication, and risk assessment to reduce fraud while improving user experiences. The discussion will highlight emerging threats, evolving regulatory expectations, and practical strategies for deploying identity solutions at scale. Attendees will gain actionable insights to protect customers, patients, and their organizations without adding friction. This segment is sponsored by LexisNexis Risk Solutions. Visit https://securityweekly.com/lexisnexisidv to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-467

    Hungry? We talk Smoked Meat, Poutine, and Bagel - also, Identiverse Interviews! - John Pritchard, Cassie Christensen, Jaime Lewis-Gross, François Proulx, Kim Brown - ESW #467
  2. Jul 6

    Mastering agent permissions and Identiverse interviews - Howard Ting, Ajay Gupta, Sandy Bird, Amir Ofek - ESW #466

    Interview with Sandy Bird, co-founder of Sonrai Security In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints. Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them. This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Segment Resources AWS Bedrock agent permissions: what you need to lock down before you go live Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents. The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities. It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle. Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates. Download the SANS AI Security Maturity Model eBook This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them! The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested. https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them! Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-466

    Mastering agent permissions and Identiverse interviews - Howard Ting, Ajay Gupta, Sandy Bird, Amir Ofek - ESW #466
  3. Jun 29

    Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465

    Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag https://netragard.com/blog/what-is-penetration-testing/ Topic: Why Meta is destroying its engineering organization The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below. This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues. 'Tell Him He's a Piece of Shit': Meta's New AI Unit Is a Total Mess The Newest Instagram "Exploit" is the Goofiest I've Seen Meta CTO Andrew Bosworth Admits the Company's AI Reorg Was 'Atrocious' Meta's months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it The Weekly Enterprise News Finally, in the enterprise security news, an AI vibe check An AI SOC vendor shuts down Cybersecurity vendor layoffs funding & acquisitions cascading breaches digital estate management criminals don't trust AI either some devs won't code without AI, even if you pay them to Midjourney is now a healthcare company? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-465

    Fixing pentesting, Meta is destroying its engineering org, the weekly news  - Adriel Desautels - ESW #465
  4. Jun 22

    Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-464

    Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464
  5. Jun 15

    Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

    Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data. This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them! Segment resources: Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness Topic: Sure, we know how initial access works, but what about lateral movement? A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it. Segment Resources: Link to report page Weekly Enterprise Security News Finally, in the enterprise security news, Funding and acquisitions Good news, Mythos isn't dangerous anymore! An excellent breach analysis Cyber insurance rates are dropping, but there's a catch CISA updates vulnerability remediation guidance Zoom calls are worse than you think, and maybe not for the reasons you think Remember when it was illegal to rip DVDs? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-463

    Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463
  6. Jun 8

    The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-462

    The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462
  7. Jun 1

    Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

    Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-461

    Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

Ratings & Reviews

4.9
out of 5
14 Ratings

About

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.

You Might Also Like