Secured by Design - IAM & Cybersecurity Podcast

Santosh Subramanian

Great security solution are designed from the ground up..Secured by Design is a podcast where Santosh shares practical insights, frameworks, and perspectives on identity security and other aspects of cybersecurity.Each episode breaks down complex concepts into actionable ideas for professionals protecting digital identities, designing secure systems, and leading security initiatives. Because true security is built  and not bolted on...

  1. May 10

    Mastering AI Security: Top 10 Risks and Mitigations for LLMs

    Summary This episode explores the top 10 security risks associated with deploying large language models (LLMs) and AI systems. It provides practical insights and mitigation strategies to help organizations secure their AI implementations effectively. Keywords AI security, LLM risks, prompt injection, data leakage, supply chain security, poisoning, output handling, system prompt leakage, misinformation, resource exhaustion Key  topics Prompt injection vulnerabilities Sensitive data leakage in AI systems Supply chain risks in AI deployment Data and model poisoning techniques Handling AI-generated outputs securely Managing AI agent autonomy and permissions System prompt leakage and its implications Weaknesses in vector and embedding systems Hallucinations and misinformation in AI Resource exhaustion and denial of service in AI Chapters 00:00 Introduction to AI Security Risks 04:55 Prompt Injection: The King of Vulnerabilities 11:48 Supply Chain Vulnerabilities in AI Systems 18:47 Improper Output Handling and Its Risks 24:59 Misinformation and Hallucination Problems Resources OWASP Top 10 for Large Language Models (https://owasp.org/www-project-top-10-for-large-language-model-applications/) Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    27 min

  2. May 4

    Securing Autonomous AI: The OWASP Top 10 Risks Explored

    Summary This episode explores the security risks associated with AI agents, focusing on the OWASP top 10 vulnerabilities and practical mitigation strategies. Learn how autonomous systems can be secured to prevent catastrophic failures and protect organizational assets. Key  topics AI agent security risks OWASP top 10 for agent applications Mitigation strategies for autonomous systems Chapters 00:00 The Nine-Second Database Incident 01:42 The Growing Threat of Autonomous System Incidents 02:19 Defining AI Agents and Their Architecture 03:14 Understanding Policies and Human in the Loop (HITL) 05:50 Agent Goal Hijacking and Prompt Injection 07:14 Tool Misuse, Poisoning, and Exploitation 08:53 Identity and Privilege Abuse in AI Agents 09:48 Supply Chain Vulnerabilities in AI Systems 11:40 Unexpected Code Execution Risks 12:55 Memory and Context Poisoning 14:16 Insecure Interagent Communication 15:53 Cascading Failures and Uncontrolled Amplification 17:22 Human Trust Exploitation and Social Engineering 19:01 Rogue Agents and Goal Misalignment 20:35 Five Themes for Securing AI Agents 22:46 Starting Your AI Security Inventory Resources OWASP Top 10 for Agent Tech Applications - https://owasp.org/www-project-top-ten-for-agent-tech-applications/ Cloud Security Alliance Report on AI Incidents - https://cloudsecurityalliance.org/research/ai-security/ Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    24 min

  3. Apr 22

    How Vercel's Supply Chain Attack Unfolded

    Summary This episode dissects the recent Vercel breach, a supply chain attack involving third-party AI tools, OAuth vulnerabilities, and insider risks. It highlights practical steps organizations can take to enhance cybersecurity and prevent similar incidents. Key  topics Supply chain attack involving third-party AI tools OAuth vulnerabilities and permissions management Best practices for environment variable security Incident response and credential rotation strategies Chapters 00:00 The Vercel Breach: An Overview 05:43 The Supply Chain Attack Unfolds 12:45 The Shift in Cybersecurity Paradigms 19:11 The Importance of Trust in Security Keywords cybersecurity, supply chain attack, OAuth, Vercal breach, AI security, cloud security, incident response, third-party risk, environment variables, credential rotation Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    21 min

  4. Apr 19

    The Mythos Inflection: AI and the Future of Cyber Defense

    Summary This episode explores the groundbreaking capabilities of Anthropic's Mythos AI model, its implications for cybersecurity, and how defenders can adapt to this new threat landscape. We discuss the model's ability to autonomously identify and exploit vulnerabilities, the strategic responses from industry leaders, and the importance of critical evaluation amidst hype. Key Topics Mythos AI capabilities and evaluationsIndustry responses and strategic implicationsVulnerability discovery and management in the AI eraChapters 00:00 The Changing Landscape of Cybersecurity 06:38 The Power of Mythos 13:18 OpenAI's Response and Different Approaches 21:46 Strategic Recommendations for Organizations 27:45 The Future of AI in Cybersecurity Resources Anthropic Cloud MythosGPT-5.4-Cyber by OpenAIAI Security Institute - Mythos EvaluationHeidy Khlaaf's evaluationLet’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    30 min

  5. Apr 10

    Why Identity Is The Hidden Keystone in Effective GRC Programs

    Summary This episode explores the critical relationship between identity and access management (IDAM) and holistic Governance, Risk, and Compliance (GRC) programs. Hosted by Santosh, it delves into how integrated identity management enhances security, compliance, and organizational resilience in the digital age. Key Topics The connection between identity and GRC The evolution of IDAM and its role in security Regulatory frameworks and compliance mapping Risk management lifecycle and identity risk scoring Future trends: Zero Trust, AI, decentralized identity Chapters 00:00 The Importance of GRC and IDAM Integration 02:32 The Holistic Approach to GRC 07:50 The GRC Challenge Landscape 11:21 Defining Identity and Access Management (IDAM) 15:46 How IDAM Enables Governance 18:48 IDAM's Role in Risk Management 22:54 IDAM and Compliance 23:17 Compliance and IDAM: Meeting Regulatory Requirements 27:22 Maturity Levels of IDAM Programs 29:54 Common Pitfalls and How to avoid them 32:42 Key Performance Indicators for GRC and IDAM 35:19 The Future.. 37:56 Conclusion: The Central Role of Identity in GRC Keywords IDAM, GRC, cybersecurity, identity management, compliance, risk management, zero trust, digital transformation, security architecture Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    41 min

  6. Apr 3

    How SCA, SAST, and DAST Protect Modern Apps (Application Security)

    Summary This episode explores the core tools in application security - SCA, SAST, and DAST and how they form a comprehensive, shift-left security strategy to protect modern applications from vulnerabilities throughout the development lifecycle. Key Topics Shift-left security strategy SCA (Software Composition Analysis) SAST (Static Application Security Testing) DAST (Dynamic Application Security Testing) Chapters 00:00 Introduction to Application Security 05:08 Understanding SCA: Software Composition Analysis 08:22 Exploring SASD: Static Application Security Testing 13:23 Diving into DAST: Dynamic Application Security Testing 17:37 Integrating Security Tools for Comprehensive Protection 21:31 Conclusion and Key Takeaways Keywords #Application Security, #SCA, #SAST, #DAST, #Shift-Left Security, #Cybersecurity, #SoftwareVulnerabilities, #OpenSourceSecurity, #DevSecOps, #SecurityTools Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    22 min

  7. Mar 29

    How LiteLLM Became a Weapon in a Supply Chain Attack

    Summary This episode explores the recent security breach involving Lite LLM, a popular open-source Python library, and discusses the implications for cybersecurity in AI development. Learn how a trusted tool was exploited, the attack's mechanics, and essential security lessons for organizations. Key Topics Supply chain attack on Lite LLM Multi-stage compromise via CI/CD pipeline Malicious package injection and persistence Lessons on dependency pinning and credential rotation The AI tool chain as a new attack surface Chapters 00:00 The Importance of Speed and Convenience in AI Development 04:16 The Attack Methodology 10:08 Key Lessons Learned from the Incident Keywords cybersecurity, AI security, supply chain attack, open source, LiteLLM, credential theft, DevSecOps, dependency management, zero trust, threat intelligence Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    18 min

  8. Mar 24

    How ITDR Can Prevent the Next Major Data Breach

    Summary This episode explores the critical importance of Identity Threat Detection and Response (ITDR) in modern cybersecurity. Hosted by Santosh, it covers how identity infrastructure is the most targeted layer in enterprises, the rise of identity-based attacks, and practical strategies to enhance security posture. Key Topics The rise of identity-based attacks and their impact The three pillars of ITDR: visibility, detection, response Real-world examples: SolarWinds, MGM, Striker attack How AI is transforming cyber threats and defenses Practical steps to assess and improve your identity security Chapters 00:00 The Reality of Data Breaches 02:29 Understanding Identity Threat Detection and Response (ITDR) 06:58 The Urgency of ITDR in Today's Landscape 10:33 Case Study: Learning from the Striker Attack 13:18 Key Takeaways for Organizations 16:09 Identity as the New Perimeter Keywords cybersecurity, ITDR, identity security, data breaches, identity attacks, zero trust, cloud security, breach prevention, cybersecurity strategy Let’s Stay Connected 📧 Email: santosh@getitrightsoln.co.uk 🔗 LinkedIn: linkedin.com/in/kssantosh

    17 min
See All (15)

About

Great security solution are designed from the ground up..Secured by Design is a podcast where Santosh shares practical insights, frameworks, and perspectives on identity security and other aspects of cybersecurity.Each episode breaks down complex concepts into actionable ideas for professionals protecting digital identities, designing secure systems, and leading security initiatives. Because true security is built  and not bolted on...

Information