[Dev]olution

Coder

The development world is cluttered with buzzwords and distractions. Speed, focus, and freedom? Gone. I’m Nicky Pike. And it’s time for a reset. [Dev]olution is here to help you get back to what matters: creating, solving, and making an impact. No trend chasing, just asking better questions. What do devs really want? How can platform teams drive flow, not friction? How does AI actually help? Join me every two weeks for straight talk with the people shaping the future of dev. This is the [Dev]olution.

  1. The Echo Leak Exploit: Why AI Leaks Data Without a Click

    6D AGO

    You think your AI is working for you…until it’s leaking your data. Welcome to Echo Leak, the zero-click exploit that can send your company’s most sensitive info to attackers, and you won’t even realize it’s happening. Here’s how it works: an email lands in your inbox, and without anyone clicking anything, your AI system picks it up. It accesses your sensitive data from Outlook, SharePoint, Teams, and quietly ships it out through a crafted URL, all while doing exactly what you paid it to do. This isn’t a glitch. It’s a massive vulnerability. In this minisode, we dive into the lethal trifecta, three factors that make your AI system an easy target for this type of attack. From private data access to untrusted content, to how your AI can communicate externally, it’s all laid out for you. Learn how to protect your systems, lock down permissions, and secure your AI agents before they become the next big breach.

    In this episode, you’ll learn:
    - What Echo Leak is and how zero-click exploits can leak your data silently
    - The "lethal trifecta": Three key vulnerabilities in AI systems that make them exploitable
    - Actionable steps to restrict AI agents' permissions and prevent Echo Leak

    Episode highlights:
    - (00:00) Echo Leak: How it works without any user clicks
    - (03:00) The "lethal trifecta" and why it's a security risk for AI
    - (05:40) Real-world Echo Leak examples from Black Hat and RSA
    - (08:00) Vendor responses and why they’re missing the point
    - (09:40) Understanding AI agent governance failures
    - (12:00) Steps to secure your AI systems against Echo Leak
    - (14:20) Restricting external communication and limiting data access
    - (16:00) Designing AI systems with security in mind
    - (18:00) Preparing for AI exploits like Echo Leak

    Resources:
    - EchoLeak: Zero-Click Microsoft 365 Copilot Vulnerability
    - The lethal trifecta for AI agents: private data, untrusted content, and external communication
    - The lethal trifecta for AI agents
    - YouTube
    - Black Hat USA 2025 | AI Enterprise Compromise - 0click Exploit Methods
    - Penetration Testing
    - Safeguarding VS Code against prompt injections

    15 min
  2. Your Security Was Built for Humans, Not AI

    APR 29

    AI agents are already embedded within your infrastructure, yet the critical issue remains: no one is truly in control. In this episode, we sit down with two experts from Red Hat, Michael Epley and Sam Richman, who are actively engaged at the intersection of AI, security, and defense. Their work isn't theoretical; it's about managing systems where the stakes couldn't be higher. Michael Epley, as Chief Architect and Security Strategist, has dedicated years to building identity and governance frameworks in environments where errors are unacceptable. Meanwhile, Sam Richman, Principal Architect for Defense, is responsible for deploying software from development environments to operational drones. This discussion reveals some uncomfortable realities surrounding modern security and AI: the presence of AI agents operating without proper identification, the ineffectiveness of security models designed for human users when governing machine behavior, and the challenge of managing systems that cannot be thoroughly tested, predicted, or trusted. Despite these challenges, these systems are being rolled out. If you're involved in developing AI systems or ensuring their security, this episode poses a critical question: Do you truly understand what your AI agents are doing?

    In this episode, you’ll learn:
    - Why AI agents break traditional identity and access models
    - How overprovisioned agents create invisible security risks
    - What real governance looks like when systems can’t be fully tested

    Things to listen for:
    - (00:00) Meet Michael Epley and Sam Richman
    - (02:47) Are enterprises ready for AI agents
    - (05:00) Why AI adoption outpaces value
    - (07:00) AI finding vulnerabilities humans missed
    - (10:58) Why AI systems are unpredictable by design
    - (13:00) The identity problem for AI agents
    - (17:00) Digital sovereignty becomes mission-critical
    - (21:30) AI strategy in defense and enterprise
    - (26:30) Why modular AI infrastructure matters
    - (27:30) What Kagenti actually solves
    - (31:00) Fixing overprovisioned AI agents
    - (34:30) Observability and agent behavior tracking
    - (38:00) AI at the edge and deployment risks
    - (47:30) Running AI without losing control of data
    - (59:00) Predictions for AI governance and agents

    Resources:
    - Michael Epley’s LinkedIn: https://www.linkedin.com/in/epleymichael
    - Sam Richman’s LinkedIn: https://www.linkedin.com/in/sam-richman
    - Red Hat website: https://www.redhat.com

    1h 6m
  3. Is AI Actually Helping or Hurting Devs?

    APR 15

    Adron Hall thinks you already missed the boat if you are still banging away at lines of code. He watches organizations struggle with locked-down environments while the rest of the industry moves at a pace they can't keep up with. The junior pipeline is collapsing, and we are building systems on code that nobody actually understands. Vibe coding sounds like a dream until the production system crashes at two in the morning. Adron Hall, Principal Software Engineer at Composite Thrashing Code, joins Nicky Pike to discuss why productivity gains are getting eaten by debugging and what happens when the AI agents start treating your main repo like a sandbox project. If you are wondering if you are building faster or just debugging more, this conversation provides the reset you need.

    In this episode, you’ll learn:
    - Why writing code manually means you are already too far behind
    - How to manage the six specific types of AI code changes
    - The reason Diff Discipline is the only way to survive vibe coding

    Things to listen for:
    - (00:00) Meet Adron Hall
    - (03:14) Why the junior developer pipeline is imploding
    - (05:13) How to rein in agent scope for better results
    - (08:31) The slow creeping dread of vibe coding
    - (12:50) Moving past communication cycles with prototypes
    - (16:50) Why shipping to production needs a human gatekeeper
    - (20:20) How roles shift when agents handle the workflow
    - (24:05) Why slinging individual lines of code is over
    - (29:47) Bringing a generalist approach back to computer science
    - (34:57) Breaking down the six types of code changes
    - (41:40) Why AI optimizes for plausible output instead of correctness
    - (52:37) Enforcing diff limits to keep human reviewers sane
    - (57:29) Setting up no-fly zones for sensitive code
    - (01:02:41) The coming hundred x shock to the tech industry
    - (01:11:27) What it means to be a coder in 2026

    Resources:
    - Adron Hall’s LinkedIn: https://www.linkedin.com/in/adron/
    - Composite Thrashing Code blog: https://compositecode.blog/

    1h 14m
  4. AI Is Skipping the Fundamentals and That Should Worry You feat. Dan Vega

    MAR 25

    Dan Vega has spent years teaching developers how to build things the right way. Now he’s watching AI change how an entire generation learns to code. Dan is a Spring Developer Advocate at Broadcom, and in this episode of [Dev]olution, we get into what happens when AI removes friction faster than it builds understanding. Writing code has never been easier, but the fundamentals are quietly getting skipped. We talk about why AI is creating masters with no apprentices, how junior developers are getting fast-tracked past the learning phase, and why understanding systems still matters more than shipping quickly. If you’re building with AI or trying to learn without losing the basics, this conversation with Dan Vega is one heck of a learning session.

    In this episode, you’ll learn:
    - Why developers still need to learn how systems fail, not just how code runs
    - How AI changes the role of mentors and what juniors are missing without feedback loops
    - Why shipping faster doesn’t automatically mean building better software

    Things to listen for:
    - (00:00) Meet Dan Vega
    - (01:40) How AI changed the way people learn to code
    - (05:05) Shipping code without understanding systems
    - (08:55) Dan’s path from learning fundamentals to teaching them
    - (12:35) How AI reinforces bad developer habits
    - (16:00) The “masters with no apprentices” problem
    - (19:45) Why juniors are skipping the struggle phase
    - (23:55) Copying answers versus building intuition
    - (28:15) Why debugging is where learning happens
    - (32:10) Teaching reasoning instead of syntax
    - (36:30) The danger of prompt-driven development
    - (40:20) What senior developers should do differently
    - (44:35) Using AI without losing judgment
    - (48:50) Advice for developers starting today
    - (53:30) Final thoughts on learning in an AI-first world

    Resources:
    - Dan Vega’s LinkedIn: https://www.linkedin.com/in/danvega/
    - Broadcom website: https://www.broadcom.com

    1 hr
  5. Shai-Hulud: The NPM Worm That Spreads Like Virus

    MAR 11

    Welcome to the first minisode of Devolution where we dive into the devastating Shai-Hulud attack that shook the NPM ecosystem last year. Nicky Pike breaks down how a self-replicating worm took control of over 25,000 GitHub repositories, exploiting a simple NPM command that every developer runs without thinking. From the rapid spread to its impact on household developer tools, this attack wasn’t just a breach, it was a full-blown software pandemic. Listen in as we explore how this worm spread like wildfire, evaded detection, and the long-lasting implications it has on developer security. Get ready as we get into zero-day vulnerabilities and what we need to do to protect our development environments moving forward. Don’t let the next Shai-Hulud catch you off guard.

    In this episode, you’ll learn:
    - How Shai-Hulud started as a simple NPM command and evolved into a self-replicating worm.
    - Why big companies like PostHog and Trust Wallet were impacted despite having strong security measures, exposing critical vulnerabilities in their defenses.
    - What you can do next by rethinking your security models to protect against evolving threats like Shai-Hulud.

    Episode highlights:
    - (00:00) 25,000 Repos in 72 Hours, What Happened?
    - (00:30) The First Self-Replicating NPM Worm
    - (01:00) Shai-Hulud 2.0 Goes Exponential
    - (02:00) How It Bypassed Security & Harvested Secrets
    - (03:00) 400K Secrets Exposed & the Trust Wallet Fallout
    - (04:15) Why Traditional Developer Security Failed
    - (05:00) What Teams Must Change Now

    Resources:
    - Widespread Supply Chain Compromise Impacting npm Ecosystem
    - The Shai-Hulud 2.0 npm worm: analysis, and what you need to know
    - Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets
    - Post-mortem of Shai-Hulud attack on November 24th, 2025
    - “Shai-Hulud” npm Attack: What You Need to Know
    - Inside Shai-Hulud’s Maw: How The NPM Worm Exploits And Propagates

    7 min
  6. You Don't Need a Dev Team to Build an App. Just Try and Test with AI

    MAR 4

    Marco Martinez went rogue and built a production-ready system with zero coding experience. Six months ago, the only Python Marco knew was a really big snake. Now, as the Community Marketing Manager at Coder, he created a multi-agent system that monitors Discord, processes messages through Llama AI, and routes them to Slack for approval, then sends them back to Discord. And it’s heading to production. In this episode, Marco shares how he solved a real business problem using AI and zero dev skills. He also shows us that vibe coding is the future and anyone can build software by simply tinkering with the right tools. If you think you need to be a developer to build something impactful, this episode will show you how perfectly capable you are with the help of AI as a non-developer.

    In this episode, you’ll learn:
    - Why non-developers should trust AI to handle the heavy lifting while they focus on solving problems
    - How embracing failure and iteration speeds up development and leads to better results
    - Why AI is a game-changer for anyone looking to create real solutions quickly

    Things to listen for:
    - (00:00) Meet Marco Martinez
    - (02:48) Why Marco built the bot himself
    - (04:23) The problem with managing Discord messages
    - (08:39) How tinkering with AI led to development
    - (09:17) How AI democratizes software development
    - (12:30) Marco’s approach to vibe coding
    - (13:16) The rise of AI agents as partners
    - (14:41) Learning Git and the branching lesson
    - (19:15) Why PRDs made Marco’s workflow more efficient
    - (22:45) The power of PRDs for non-developers
    - (26:51) How AI sparked Marco’s interest in learning more tech
    - (30:45) How Marco chose Llama AI
    - (35:15) Moving from local development to cloud
    - (43:45) Marco’s plans to bring engineers for production
    - (46:52) Demonstrating the multi-agent system in action
    - (55:15) Using PRDs to speed up development

    Resources:
    - Marco Martinez’s LinkedIn: https://www.linkedin.com/in/marcomartinez-marketingmanager/
    - Coder website: https://coder.com/

    1h 4m
  7. Are You Even Using The Right AI Tools? with Caleb Washburn

    FEB 18

    Caleb Washburn didn’t build his career on chasing shiny new tech. From his years as an IT architect to his role as CTO and Founder at MomentumAI, Caleb’s focus has always been on solving real problems. In this episode of [Dev]olution, Caleb challenges the current hype around Kubernetes, cloud costs, and AI tools, urging us to think beyond the latest trends. With his extensive experience in enterprise solutions, Caleb dives deep into why many companies are getting burned by their cloud strategies and how they can build smarter, more scalable infrastructures. He explains that AI is really about finding the right solutions that actually support your business goals. If you want to build a solid foundation for AI success, check out this episode.

    In this episode, you’ll learn:
    - Why Kubernetes might not be the right tool for every enterprise
    - How to scale AI responsibly and avoid common infrastructure pitfalls
    - The importance of choosing the right technology for your company’s goals

    Things to listen for:
    - (00:00) Meet Caleb Washburn
    - (02:10) Why Kubernetes might not be the right tool
    - (05:30) The real cost of cloud strategies and the danger of overspending
    - (09:45) Why AI isn't the magic solution it's cracked up to be
    - (13:15) How to evaluate the right tech for your business needs
    - (17:00) Avoiding the “shiny tool” trap in enterprise solutions
    - (21:10) Building smarter, scalable infrastructures for AI
    - (25:45) How AI can solve real problems, not just create more hype
    - (30:00) The importance of a solid foundation before scaling with AI
    - (35:30) Practical advice for developers working with AI tools
    - (40:00) Why cloud repatriation is happening and what it means for the future
    - (45:15) How enterprises can avoid common pitfalls when integrating AI
    - (50:00) Final thoughts: Navigating tech trends and focusing on outcomes

    Resources:
    - Caleb Washburn’s LinkedIn: https://www.linkedin.com/in/calebwashburn/
    - MomentumAI website: https://www.momentumai.com/

    1h 3m
  8. You’ve Been Writing Code Backwards feat. Ted Young

    FEB 4

    Ted Young didn’t just write code, he’s been rethinking how we write it for decades. After working with the likes of Google and Apple, Ted became obsessed with making development more precise and less chaotic. Forget the “code first, test later” approach that most of us fall into. Ted's here to challenge that mindset with Test-Driven Development by breaking it down into actionable steps that save time and save you from the endless debugging trap. In this episode, Ted talks about why specifications are the key to shipping clean code, how AI is teaching us to repeat the same mistakes, and why thinking first can prevent hours of wasted time. Oh, and did we mention he turned his TDD method into a board game? If you’re tired of writing code that never quite meets your expectations, this episode will show you a new, smarter way to work.

    In this episode, you’ll learn:
    - Why starting with specifications can save you from endless debugging
    - How Test-Driven Development (TDD) is more about thinking than just testing
    - Why AI is amplifying the same mistakes developers already make without clear plans

    Things to listen for:
    - (00:00) Meet Ted Young
    - (01:45) The problem with coding without thinking first
    - (05:10) Why "test-first" is the wrong approach
    - (09:00) Ted’s journey from trial-and-error coding to TDD
    - (12:30) How AI is teaching us the wrong workflow
    - (15:45) Why specifications are more important than you think
    - (19:30) Breaking down Test-Driven Development into nine steps
    - (23:50) Turning TDD into a board game
    - (28:10) The challenge of writing clean code with AI
    - (32:05) Why TDD isn’t just about writing tests
    - (36:30) How developers can avoid the "burn toast" scenario
    - (40:15) The real cost of messy, untested code
    - (44:00) The importance of breaking code down into small, manageable steps
    - (48:20) How Ted uses AI to rethink development processes
    - (52:10) Final thoughts on the future of AI and coding

    Resources:
    - Ted Young’s LinkedIn: https://www.linkedin.com/in/tedmyoung/
    - Spiral Learning website: https://www.spirallearningllc.com/

    1h 7m
