Enterprise Security Weekly (Video)

Security Weekly Productions

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.

  1. Mastering agent permissions and Identiverse interviews - Amir Ofek, Howard Ting, Ajay Gupta, Sandy Bird - ESW #466

    4 days ago ·  Video

    Mastering agent permissions and Identiverse interviews - Amir Ofek, Howard Ting, Ajay Gupta, Sandy Bird - ESW #466

    Interview with Sandy Bird, co-founder of Sonrai Security In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints. Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them. This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Segment Resources AWS Bedrock agent permissions: what you need to lock down before you go live Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents. The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities. It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle. Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates. Download the SANS AI Security Maturity Model eBook This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them! The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested. https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them! Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance. This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them! Show Notes: https://securityweekly.com/esw-466

    1hr 18min
  2. Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    22 Jun ·  Video

    Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    Interview with Ankita Gupta, CEO of Akto How to Navigate Shadow AI Risk in the enterprise This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options? Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace. Segment Resources: Website: https://www.akto.io Book a Free Demo: https://www.akto.io/agentic-security-demo LinkedIn: https://www.linkedin.com/company/akto-io YouTube: https://www.youtube.com/@aktodotio This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do. Topic Segment: Verizon's Breach Impact Study The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims! Some of my favorite insights: Cost of breaches, broken out by SMB, mid-sized enterprise, and large The claim amount as a percentage of the company's revenue Losses broken down by loss TYPE This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc. With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled. Security failures aren't getting any cheaper. Weekly Enterprise News Finally, in the enterprise security news, A $100M seed round! Accenture acquires 3 security vendors Some thoughts on the government takedown of Fable and Mythos One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams! A Critical Copilot vulnerability 75,000 Fortinet Firewalls get compromised Remediation is broken Using guardrails to evade detection All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-464

    1hr 38min
  3. The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    8 Jun ·  Video

    The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections. Segment Resources: Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership Topic: The Unintended Consequences of Vulnmaxxing We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation. There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind. The Weekly Enterprise News Finally, in the enterprise security news, If you were starting a cybersecurity company today, which category would you pick? layoffs funding the White House AI executive order OpenAI's frontier governance framework Anthropic's Zero Trust for AI agents guide IBM's vulnmaxxing efforts RICO as a service for job seekers Instagram had possibly the most embarrassing hack ever All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-462

    1hr 38min
  4. Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

    1 Jun ·  Video

    Helping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - Evan Powell - ESW #461

    Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to share some ideas on how defenders can get some benefits from AI as well, and why open source is important with this approach. Topic For this week's topic segment, we've got two very interesting data sources. The first is Anthropic's first update on Project Glasswing, where they're absolutely tearing through codebases with ultra premium Mythos tokens, but then hitting a human-shaped bottleneck as they attempt to validate all the findings. The second is the first report from Root Evidence, the latest startup from Jeremiah Grossman and Robert Hansen (aka RSnake), which aims to help organizations filter out all the vulnerabilities that don't matter. Where these two reports meet in the middle is my concern that the use of AI to scour every last bug out of code is going to be the most Sisyphean task the cybersecurity industry has ever come up with (and we have some deep experience here). The Weekly Enterprise News Finally, in the enterprise security news, Less funding, more acquisition the AI SOC startup space is CROWDED your CEO is suffering from AI psychosis Some CISOs are done with the job, IT can have it detecting and removing dangerous secrets from dev workstations 230,000 security advisories roll up to 6 attacker behaviors The FBI's 2025 IC3 report is out When tech billionaires make predictions, they're actually sales pitches All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-461

    1hr 38min
  5. The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich Kron, Deepen Desai, Chris Wallis - ESW #458

    11 May ·  Video

    The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich Kron, Deepen Desai, Chris Wallis - ESW #458

    The Weekly Enterprise News This week, in the enterprise security news, Copy Fail The hits keep coming for CVE, NIST and NVD Cyber attacks on breathalyzers insurance carriers pulling support for AI Florida Man pleads guilty ignore the humanities at your own peril offense and defense don't scale the same is it okay to be left behind? scientists gave cocaine to salmon Mind the Gap: Confidence, AI, and the Future of Exposure Management Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality. Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac. Modern Phishing Attacks Are Under Multi-Channel Siege Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past. This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them! AI is Now Default Enterprise Accelerator The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Show Notes: https://securityweekly.com/esw-458

    1hr 40min
  6. Post Quantum Migration Struggles, AI Threats, and Modern Defenses - Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos - ESW #457

    4 May ·  Video

    Post Quantum Migration Struggles, AI Threats, and Modern Defenses - Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos - ESW #457

    Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged assets like IoT and OT. The bottom line: PQC migration is unavoidable. Starting early—especially with crypto inventory and planning—will make the transition far less painful. RSAC Interview: Multi-Channel Impersonation: Why Legacy Controls Are Failing As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He'll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today. Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach. RSAC Interview: OT: Segmented Today, Breached Tomorrow As the worlds of IT and OT converge, traditional network segmentation falls short, exposing risks in the critical environments that keep energy flowing and shelves stocked. Conventional security tools fail to identify these gaps, with serious repercussions for operators. At runZero, we empower defenders to win by default through comprehensive discovery, rapid detection of critical exposures, and unique segmentation analysis that does not depend on span ports, credentials, or on-device agents. runZero provides real-time insights into even the most sensitive environments — quickly, safely, and securely. This segment is sponsored by runZero. Visit https://securityweekly.com/runzerorsac to learn more about them! RSAC Interview: Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents. Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac. RSAC Interview: The Threat Curve Has Reset: Why AI Made "Solved" Attacks Dangerous Again AI hasn't just evolved cyberattacks—it has reset the threat curve entirely. New research shows that even "solved" problems like phishing and business email compromise are immature and dangerous again, with attackers using AI and autonomous agents to launch hyper-personalized, multi-channel attacks at scale. This session explores what Phishing 3.0 really means for security leaders—and why defending trust now requires a fundamentally new approach. This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/IRONSCALESrsac to learn more about them! Show Notes: https://securityweekly.com/esw-457

    1hr 33min
  7. Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart - ESW #456

    27 Apr ·  Video

    Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart - ESW #456

    Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Show Notes: https://securityweekly.com/esw-456

    1hr 36min

About

News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.

You Might Also Like