Guest: Chip Witt, Principal Security Analyst at Radware

Host: Richard Stiennon, Chief Analyst Researcher at IT-Harvest

When attackers target modern enterprises, they don’t break in; they log in. This insight came from the recent episode of The Security Strategist Podcast, where host Richard Stiennon, a cybersecurity analyst and Chief Analyst Researcher at IT-Harvest, speaks to Chip Witt, Principal Security Analyst at Radware.

The conversation spotlights a critical issue faced by most enterprises – defending APIs as if they are just infrastructure while attackers exploit them as part of the business logic. That gap represents the real risk.

What’s the Core Misunderstanding with APIs?

As per Witt, enterprise teams often view APIs as technical plumbing instead of business products. Security programs focus on endpoints and authentication, believing that a locked front door means the house is safe.

However, the true risk lies deeper — in authorisation logic, identity sprawl, and how applications change over time. Modern development methods lead to constant API drift. New routes appear, fields change, and versions multiply. In many organisations, security leaders cannot confidently state which APIs are live in production. The uncertainty to many is theoretical, but in reality, it’s an operational risk.

Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS Challenges

How are Enterprises Shifting Towards Intent-Aware Protection?

As enterprises speed up their use of serverless architectures, microservices, and AI-driven applications, API sprawl intensifies. With sprawl, the security model cannot remain unchanged while the application structure evolves.

According to Witt, the future of API security must be intent-aware. Protection should assess whether a sequence of calls makes sense within its context for the user, system, or resource initiating them. Simply confirming identity is not enough; security also needs to validate behaviour.

Zero trust principles have reshaped strategies for networks and identities. APIs now require similar scrutiny—not just at the perimeter, but within the workflow itself.

APIs are no longer just back-end connectors; instead, they are now the visible surface of the enterprise. The most concerning attacks are not brute-force attempts. Most distressing attacks, in fact, are authenticated actions carried out with malicious intent.

Organisations that continuously track their APIs, enforce strict authorisation, and identify workflow misuse in real time can significantly reduce their risk of breaches. More importantly, they can align security with the business pace. In today’s digital economy, APIs are the product.

Takeaways

1. APIs are your primary business attack surface, not back-end infrastructure.
2. Most damaging API attacks use valid credentials and exploit weak authorisation.
3. Visibility gaps and API drift quietly expand your exposure over time.
4. Machine-to-machine identities often carry excessive, unmonitored privileges.
5. Runtime, intent-aware detection is now essential to stopping business logic abuse.

Chapters

1. 00:00 Introduction to API Security
2. 02:04 Understanding API Misconceptions
3. 04:49 Current API Threat Landscape
4. 06:43 Business Logic Abuse in APIs
5. 09:11 Challenges in API Security
6. 12:03 Runtime Protection and Intent Detection
7. 13:40 Key Takeaways for IT Decision Makers

For more information, please visit em360tech.com and radware.com

Follow: @EM360Tech on YouTube, LinkedIn and X

Radware YT: @radware

Radware LinkedIn: https://www.linkedin.com/company/radware/

Radware X: @radware

#APISecurity #BusinessLogicAbuse #AuthenticatedAttacks #RuntimeProtection #IntentAwareSecurity #Radware #Cybersecurity2026 #OWASP #BusinessLogic #ZeroTrust #TechPodcast #EnterpriseSecurity #IntentAwareProtection #TheSecurityStrategist #Cybersecurity

Their conversation cuts through the noise around cybersecurity tools and frameworks and focuses instead on how CISOs can think differently about enterprise data, risk management, and control.

Understanding Enterprise Data Risk Starts With Reality

One of the most grounded points Zamir makes is also the simplest, and that is, most enterprise data is not being used. At any given time, around 98 per cent of enterprise data sits dormant. From a data security perspective, that should immediately raise questions. Why is data that no one needs today exposed in the same way as data actively driving the business?

For CISOs, this reframes the challenge. Instead of trying to secure all data equally, the priority becomes understanding which data is actually accessed, by whom, and when. This shift matters because risk does not come from volume alone, but from unnecessary exposure. Dormant data with overly broad access control is often invisible to the business, yet highly visible to attackers.

By grounding cybersecurity decisions in how data is really used, security teams can reduce enterprise data risk without introducing friction for employees who are simply trying to do their jobs.

Permission Hygiene, Access Control, and Dynamic Security

A recurring theme in the discussion is permission hygiene. Over time, access rights accumulate. People change roles, projects end, contractors leave, but permissions rarely get cleaned up. The result is an expanding attack surface that no amount of policy documentation can realistically govern.

Zamir argues that improving permission hygiene and access monitoring should come before heavy data classification initiatives. Tightening access control, understanding access patterns, and removing unnecessary permissions can dramatically reduce risk with relatively low operational impact.

Crucially, this does not mean locking everything down. Dynamic controls play a key role here. Instead of blocking access by default, organisations can monitor for unusual behaviour and respond in context. Alerts, step-up verification, or temporary restrictions allow security teams to manage risk while preserving user experience. From a business perspective, this approach aligns far better with how work actually happens.

This is also where agentic AI and agentless monitoring enter the picture. As autonomous systems increasingly access data on behalf of users, traditional identity-based controls struggle to keep up. Agentless approaches help close coverage gaps without requiring intrusive deployments, while agentic AI introduces new questions about accountability and oversight that CISOs can no longer ignore.

Just-in-Time Classification and the Legal Implications of Automation

Traditional data classification has long been treated as a foundational security activity, but the podcast challenges that assumption. Classifying vast amounts of dormant data upfront is expensive, slow, and often disconnected from real risk. Instead, Zamir advocates for just-in-time classification, applying context only when data is accessed.

This approach supports more effective risk management while easing the burden on security teams. It also aligns better with regulatory expectations, where proportionality and intent increasingly matter.

However, automation and agentic AI introduce legal implications that CISOs must consider when developing their strategies. When autonomous agents access, move, or transform data, organisations need clarity on responsibility, auditability, and compliance. Dynamic controls and temporal insights into data access are not just technical safeguards; they are essential for demonstrating governance in an environment where human and machine actions intersect.

Taken together, the conversation highlights a more measured path forward. By focusing on how enterprise data is actually used, improving permission hygiene, and applying controls dynamically, CISOs can enhance data security without slowing down the business. It is less about adding more tools and more about making smarter, context-aware decisions in a landscape where risk is shaped by time, access, and intent.

For more information on this, visit: https://raysecurity.io/

Takeaways

1. Around 98 per cent of enterprise data sits idle, creating hidden security risks.
2. Focusing on data dormancy helps prioritise protection and reduce exposure.
3. Permission hygiene and dynamic controls reduce risk without slowing business workflows.
4. Just-in-time classification cuts overhead by securing data only when accessed.
5. Agentless monitoring and oversight of agentic AI improve coverage and accountability.
6. Legal and governance frameworks must evolve to handle autonomous data access.

Chapters

00:00 Introduction to Cybersecurity Challenges

01:38 Understanding Data Dormancy and Its Implications

05:10 Focusing on Critical Data for Security

08:21 The Importance of Permission Hygiene

10:53 Just-in-Time Classification for Data Security

12:28 Dynamic Controls for Business Needs

16:43 Agentless Monitoring and Coverage Gaps

19:32 Integrating Logs and APIs for Security

21:34 Future Trends in Cybersecurity

The Biggest Cybersecurity Challenges Facing UK Organisations

As Wright explains, cybersecurity cannot be understood purely from policy documents or tooling dashboards. It has to be understood from the attacker’s point of view. From where he stands today, the UK cybersecurity landscape is marked by a growing gap between how organisations believe they are protected and how exposed they actually are.

One of the most persistent misconceptions Wright highlights is the belief that buying cybersecurity tools automatically makes an organisation secure. Too many businesses, he argues, rely on poorly implemented services or procure technology they don’t fully understand.

The result is a false sense of confidence. Organisations assume they are protected, but still fall victim to ransomware, business email compromise, and financial fraud. Often, the tools they’ve invested in are never properly tested, validated, or tuned to their environment.

Awareness is another issue. Despite constant media coverage of cyber attacks, cybersecurity is still not consistently treated as a board-level risk. When it remains a technical afterthought rather than an operational priority, organisations struggle to respond effectively when incidents occur.

Wright also challenges the idea of a simple “skills gap.” While much of the discussion focuses on a lack of junior talent, he argues the real problem sits at the top. Too many cybersecurity decisions are being made by individuals without deep, hands-on experience, particularly in senior or policy-shaping roles. This lack of expertise leads to misaligned strategies, both in organisations and in government.

The UK Government’s Cyber Action Plan

The UK government’s £210 million cyber action plan is, in Wright’s view, a welcome signal but not a solution. Any investment in cybersecurity is positive, yet the plan largely reflects practices the private sector has been using for years.

This creates a familiar pattern as the private sector absorbs the damage, while the public sector learns from it later. Economically, Wright argues, this approach is flawed. When businesses are repeatedly compromised, the impact extends far beyond individual organisations.

Legislation is another weak point. Cyber threats evolve daily, but laws move slowly. The Computer Misuse Act, for example, has not been meaningfully updated in over a decade. In a world of cloud computing, automation, and AI-driven attacks, this leaves the UK operating with outdated guardrails.

What Government Can Learn From Offensive Security

As the CEO of an offensive security firm, Wright sees the same pattern repeatedly that organisations are compromised using relatively unsophisticated methods. These are not advanced, state-of-the-art attacks. They are basic weaknesses that remain unaddressed. The problem, he suggests, is that policymakers are often advised by people who have never actively attacked real systems. This disconnect shows up in legislation and regulation that look sound on paper but fail in practice.

Other governments have taken a different approach. Bug bounty programmes, for example, allow ethical hackers to test government infrastructure and responsibly disclose vulnerabilities. These programmes force transparency and accountability. Despite this, the UK has been slow to adopt similar models.

Where Cyber Resilience Efforts Should Focus Next

Beyond legislation, Wright points to funding and enforcement as critical gaps. Many public sector organisations know where their risks are, but lack the budget to fix them. Meanwhile, regulatory bodies often lack the authority to enforce remediation.

Without both funding and enforcement, reports identifying serious vulnerabilities are filed away rather than acted upon. This cycle repeats until an attack forces emergency investment, which is often too late.

Emerging Threats Organisations Must Prepare For

Looking ahead, Wright identifies two major areas of concern. The first is the use of AI in cyber attacks. AI is not replacing attackers, but it is dramatically accelerating them. Tasks that once took hours can now be completed in minutes, shrinking the window for detection and response.

The second is technology supply chain risk. Attacks on widely used software tools can give attackers access to thousands of organisations at once. Past incidents involving widely trusted vendors show how devastating these compromises can be, particularly when they go unnoticed for long periods.

Despite the scale of the challenge, Wright’s advice is grounded and practical. Multi-factor authentication is non-negotiable. Organisations without MFA are, in his words, “sailing blind.”

He also urges businesses to validate their security investments. Spending heavily on defence while allocating minimal budget to testing is self-defeating. Security tools do not work perfectly out of the box, and penetration testing must go beyond surface-level assessments. Finally, Wright stresses the importance of depth. Black-box testing alone is not enough. Organisations need to assume breach scenarios and test how attackers move inside their environments, particularly through identity-based attacks such as phishing.

Takeaways

1. Cybersecurity is frequently mistaken for deploying tools, rather than managing risk.
2. Cyber risk must be treated as a board-level responsibility, not a technical afterthought.
3. The real cybersecurity skills gap exists at senior and decision-making levels.
4. Cyber legislation is largely reactive and struggles to keep pace with modern threats.
5. Bug bounty programmes can help governments identify weaknesses before attackers do.
6. Offensive security insight strengthens defensive strategy and decision-making.
7. Legacy systems can be secured when risks are properly understood and addressed.
8. AI is accelerating the scale and speed of cyber attacks, not replacing attackers.
9. Security investments must be validated through continuous testing and assurance.
10. Multi-factor authentication is a foundational requirement for modern cyber resilience.

Chapters

00:00 Introduction to Cybersecurity Landscape

02:56 William Wright's Journey in Cybersecurity

05:56 Current Cybersecurity Challenges in the UK

08:53 Evaluating the UK Government's Cyber Action Plan

12:03 The Impact of Legislation on Cybersecurity

15:01 Lessons from Offensive Security for Government

16:55 Notable Cybersecurity Breaches and Their Impacts

19:59 Future Focus: Improving Cyber Resilience

24:01 Emerging Cyber Threats: AI and Supply Chain Risks

27:48 Practical Advice for Organisations

31:05 Conclusion and Key Takeaways

Understanding the Active Adversary Report

 The Active Adversary Report, compiled by Wisniewski’s team at Sophos, provides invaluable insights into the common pitfalls organisations face when responding to cyber incidents. With Chester's extensive experience in cybersecurity and incident response, the report aims to analyse real-world data from hundreds of incident responses across 50 countries. The report categorises incidents into two main groups: those who seek immediate help during a crisis and those who utilise managed detection and response services. By examining these cases, the report identifies key indicators that contribute to security breaches, offering organisations a roadmap to enhance their security posture.

The Focus on Identity Theft

One of the most startling revelations from the report is that nearly 70 per cent of incidents last year were linked to identity-related issues such as stolen passwords, session tokens, or phishing attacks. Chester explains that attackers are increasingly leveraging identity theft because it is often easier to log in as an authorised user than to break into a system. This trend underscores the importance of security teams to prioritise identity management as part of their overall strategy.

Wisniewski also emphasises that the ease of access through stolen credentials presents fewer telltale signs of unauthorised activity, making it harder for organisations to detect breaches. In the past, cybercriminals often exploited vulnerabilities in software like Flash and Java, but as security measures have improved, they have shifted their tactics toward the more vulnerable area of user identity. This shift indicates a pressing need for organisations to bolster their identity security protocols.

Balancing Vulnerability Management with Identity Security

 As organisations work to strengthen their security measures, the challenge of balancing patch management with a focus on identity security. He points out that while patching vulnerabilities remains essential, many organisations face difficulties, particularly those with hybrid workforces. Unpatched VPN gateways and firewalls have become common entry points for attackers, making it critical for organisations to prioritise their patch management efforts based on exposure and the sensitivity of the data involved.

Wisniewski advocates for a more strategic approach to identity management, highlighting that the adoption of multifactor authentication (MFA) is still lacking across many organisations. He notes that many systems still rely on basic MFA methods, such as six-digit codes or push notifications, which do not provide adequate protection against sophisticated attacks. To truly enhance security, organisations must consider more robust identity verification methods and address the complexities introduced by non-human identities as well.

The Challenge of Non-Human Identities

In the current technological climate, non-human identities such as API keys present significant challenges for security teams. There have been recent incidents where API keys were exploited to gain unauthorised access to sensitive systems, pointing out that organisations must be vigilant in managing these non-human identities. As organisations adopt technologies like passkeys for human users, understanding and securing non-human identities is becoming increasingly important.

 With cyber risks becoming more complex, organisations must adapt their security strategies to address these challenges effectively. Here are a few things businesses can do to protect themselves:

• Prioritise identity security by implementing robust protocols and strategies to combat identity theft.
• Balance patch management with a focus on securing critical assets and data.
• Enhance multifactor authentication practices to ensure stronger protection against unauthorised access.
• Develop a comprehensive understanding of non-human identities and implement measures to secure them.

 By staying informed about the latest trends and insights in cybersecurity, organisations can better equip themselves to fend off the growing tide of cyber threats. For more information, visit https://www.sophos.com/

Takeaways

• Nearly 70 per cent of incidents last year involved identity-related issues.
• Attackers find it easier to log in as authorised users.
• Patching and vulnerability management are challenging for organisations.
• MFA adoption remains low despite its importance.
• Most attacks occur outside of normal business hours.
• Median incident response time is significantly reduced with MDR services.
• Employees can act as early warning systems for security threats.
• Focusing on basic cybersecurity practices is essential.
• AI can help streamline data analysis in incident response.
• AI is also being used to enhance phishing attacks.

Chapters

00:00 Introduction to Cybersecurity Challenges

02:57 Understanding the Active Adversary Report

05:55 The Shift Towards Identity-Based Attacks

08:48 Balancing Patching and Identity Management

12:04 Operational Challenges for CISOs

15:09 Leveraging Employee Awareness for Security

18:12 Practical Steps for CISOs to Strengthen Resilience

20:56 The Role of AI in Cybersecurity

Guest: Doug Merritt, Chairperson, CEO, and President of Aviatrix

Host: Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech

Cloud security now involves more than just protecting a single environment. As organisations grow across multiple clouds, integrate SaaS platforms, modernise applications, and deploy AI-driven workloads, the attack surface expands in complex ways that are hard to see and even harder to manage.

In the recent episode of The Security Strategist podcast, Doug Merritt, Chairperson, CEO, and President of Aviatrix, a cloud network security company, sits down with Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech. They discuss why gaps in cloud networking visibility are becoming one of the biggest security risks for businesses today.

The conversation also covers how cloud complexity has changed over time, why old security models struggle to keep up, and what practical steps leaders can take to lower exposure before attackers exploit hidden pathways.

Securing the World’s Digital Fabric

On a mission to secure “the world’s digital fabric,” Merritt spotlights the reasons explaining that organisations often perceive cybersecurity through “constructs and silos.” However, attackers see the entire landscape, which leads to a gap in the perspective.

Most enterprises started their cloud journey with lift-and-shift migrations, moving familiar applications from data centres to the cloud. Over time, these applications were modernised, broken into containerised services, and expanded with serverless functions, APIs, and third-party SaaS platforms.

Merritt notes that applications today often involve "10 to 15 different major components from start to finish," many of which exist across different clouds or outside direct organisational control.

This variety has brought speed and innovation, but it has also led to vastly different workload behaviours. Some workloads are long-lasting, others are temporary, and many can be accessed publicly.

According to the Aviatrix CEO, this "really powerful landscape" has resulted in "an incredibly powerful attack surface." Without consistent visibility and remediation across all workloads, attackers can find "which workloads have value and which workloads are unprotected" and move laterally until they reach critical assets.

AI adds additional challenges. While the technology seems new, he further emphasises that AI agents are still workloads with identities, operating at high speed and broad permission levels. They rely completely on network connectivity, making the network a crucial point for both visibility and control. In a hyper-connected environment, he argues, the network should be seen as a key security layer rather than just a transport system.

How to Prepare for the Next Wave of Cloud Threats

When asked what CIOs, CISOs, and cloud leaders should focus on next, Merritt alludes to a reality check. He urges leaders to choose a single complex application and ask their teams to identify every workload involved, every network path taken, and whether there is visibility into "every packet that goes into the workload and comes back out."

In most cases, he says, organisations find that they cannot do this. This gap reveals the first and most urgent issue: a lack of understanding of the environment itself. Without a clear map of workloads and communication paths, security teams operate with blind spots.

The Chairperson of Aviatrix insists that visibility must come before control. Once organisations understand their exposure, they can prioritise the "most dangerous communication pathways" and secure them. He warns that many large enterprises still have "thousands of workloads with direct internet connections and no filter in front," describing this exposure as "horrific," given how easily even less sophisticated attackers could exploit it.

He also points out that visibility and enforcement must be close to the workload. Centralised controls increase costs and latency, while distributed enforcement allows for faster response and containment. Ultimately, just observing traffic isn't enough; organisations need to be able to act.

Cloud security isn’t about adding more tools; it’s about changing perspective. By mapping workloads, understanding communication paths, and using the network as a consistent layer for visibility and enforcement, organisations can reduce lateral movement, limit blast radius, and prepare more effectively for the next generation of cloud threats.

Takeaways

1. Organisations need to focus on the uncovered attack surface.
2. The digital fabric includes diverse workloads across multiple clouds.
3. Visibility and remediation are critical in managing workloads.
4. The complexity of multi-cloud environments is increasing.
5. AI is accelerating the evolution of cloud security challenges.
6. Networking plays a pivotal role in security strategies.
7. Collaboration between security, networking, and cloud teams is essential.
8. Mapping workloads and communication pathways is crucial for security.
9. Organisations must prioritise securing high-risk workloads.
10. Understanding the shared responsibility model is vital for cloud security.

Chapters

1. 00:00 Introduction to Cloud Security Challenges
2. 03:03 Understanding the Digital Fabric
3. 05:56 Navigating the Modern Attack Surface
4. 08:46 Key Trends in Cloud Adoption
5. 12:11 The Complexity of Multi-Cloud Environments
6. 14:51 The Evolving Role of Networking in Security
7. 17:58 Bridging the Gap Between Teams
8. 21:02 Real-World Solutions and Case Studies
9. 23:53 Preparing for Future Threats
10. 29:09 Final Thoughts and Key Takeaways

#CloudSecurity #MultiCloud #CloudNetworking #Aviatrix #CISO #AttackSurface #CloudThreats #EnterpriseSecurity #TechPodcast #SecurityStrategist #DigitalFabric #AIinSecurity #WorkloadSecurity

For more information, visit aviatrix.ai and em360tech.com.

Follow: @EM360Tech on YouTube, LinkedIn and X

Aviatrix YT: @AviatrixSystems

Aviatrix LinkedIn: https://www.linkedin.com/company/aviatrix-systems/

Humans are the Weakest Link

Nicole’s journey in cybersecurity began long before Fable. She was an early member at Abnormal Security, where she helped build email security solutions. That experience exposed a recurring truth, and that was even the best technical safeguards can be undone by human error.

“Human error is really the number one cause at the beginning of cybersecurity incidents,” Nicole explains. “Phishing attacks are the number-one starting point—one click, one misstep, and suddenly the consequences are massive.”

She recalls the MGM Resorts breach as a turning point: an IT help desk employee took a phone call from someone impersonating an Okta admin, leading to a major security lapse. “Even with strong email defences, people were exposed in ways technology couldn’t prevent. That’s when I realised that this was a human problem we needed to solve.”

Seeing Security Through the Attacker’s Eyes

Fable Security’s approach is rooted in understanding both the employee and attacker behaviour. Nicole describes it almost like a conversation at both sides of the table.

“Looking at security from the attacker’s perspective changes how organisations design interventions,” she says. Employees often don’t even realise which actions put them at risk. By understanding predictable behaviours, we can build targeted, timely interventions instead of generic training modules that people forget.”

The company leverages data to identify risky behaviours and reinforce safe ones. Richard notes that this can turn the math of phishing attacks in an organisation’s favour, reducing the likelihood of a click from 40 per cent to 2 per cent, for example, meaning attackers have to try 50 times to succeed once.

Reinforcement Not Punishment

One of the major differences in Fable’s approach is how they treat learning. Traditional phishing simulations can leave employees feeling tricked or shamed. Fable focuses on reinforcement and repetition, creating a culture where security is part of everyday decision-making.

“We empower organisations with data to understand how employees behave and then help them stay one step ahead of attacks,” Nicole explains. “It’s not just about preventing business loss, it’s about protecting culture, brand, and employee safety.”

By shifting the focus from blame to understanding and from generic training to targeted behavioural interventions, organisations can finally address the human factor in cybersecurity with the seriousness and nuance it deserves.

For more information, visit fablesecurity.com

Takeaways

1. Cybersecurity is not just about technology; it's about people.
2. Traditional training often fails to change behaviour effectively.
3. Human errors are the leading cause of cybersecurity incidents.
4. Fable Security focuses on understanding and changing human behaviour.
5. The threat landscape is constantly evolving, requiring adaptive solutions.
6. Organisations must view security as a supportive, not punitive, measure.
7. Phishing simulations can be harmful if not conducted ethically.
8. Building trust with employees is essential for effective security training.
9. Employees can serve as valuable sensors for identifying threats.
10. Meaningful behaviour change requires a shift in mindset and approach.

Chapters

00:00 The Human Factor in Cybersecurity

01:11 Fable Security's Origin Story

04:23 Understanding Human Vulnerabilities

06:01 The Attacker's Perspective

08:29 Fable's Ad Tech Approach

12:04 Revolutionising Security Training

14:37 The Ethics of Phishing Simulations

19:42 Building Trust in Security Training

22:56 Empowering Employees as Sensors

27:40 Steps Towards Meaningful Behaviour Change

Rethinking Application Security for a New Reality

Since 2018, Bright Security has been helping organisations secure their applications and APIs. Gadi Bashvitz shares that the company’s journey has always been about anticipating challenges before they become crises. 

“And that’s what we did from 2019 to 2024—signed up some of the world’s largest financial institutions and insurance companies, so very proud of that customer base,” he explains.

But in 2024, everything changed. Customers started raising concerns about AI-assisted coding. Bashvitz recalls:

“Some of those customers came to us and said, ‘Houston, we’ve got a problem. We’re starting to adopt AI-assisted coding.’ We’ve gone from a world where a developer generates 100 per cent of code and 100 per cent of vulnerabilities, to one where that developer is now generating 200 per cent of code and 600 per cent of vulnerabilities. That AI-generated code is three times more prone to vulnerabilities.”

This shift exposes a fundamental truth, and that is that AI is reshaping software development, but not always in ways organisations are ready to manage. What was once a controlled DevOps process is now a rapid, high-volume environment where oversight can easily slip.

The Hidden Risks of AI-Generated Code

The impact is real and immediate. Marketing teams, product managers, and developers alike are generating code faster than ever, but without the traditional checks and balances. Bashvitz highlights that AI models are trained on open-source code, often without security in mind. This means vulnerabilities multiply at a rate that can overwhelm static tools or conventional security processes.

Organisations are feeling the pressure daily, realising that if they don’t adapt, AI-generated vulnerabilities could outpace their ability to detect and mitigate risks.

Embedding Security Into Every Step of Development

So how can enterprises regain control? Bashvitz is clear: it’s not too late, but action must be deliberate.

“At some point, there will be a few very, very significant hacks that will take us back,” he warns. “The key is to embed dynamic security measures directly into the development lifecycle. That’s how you catch vulnerabilities, even when code is being generated at an unprecedented scale.”

Dynamic Application Security Testing (DAST) is one approach Bright Security has championed. Unlike traditional static tools, dynamic testing integrates into code repositories and runs throughout the development pipeline, from unit tests to production deployment. This approach doesn’t just mitigate risk—it empowers teams to continue innovating without being paralysed by fear of vulnerabilities. The goal is to create a balance where AI-driven productivity and robust security coexist.

For more information, visit https://brightsec.com

Takeaways

• Bright Security was founded to address application and API security gaps.
• AI-driven code generation has significantly increased the number of vulnerabilities.
• Dynamic application security testing (DAST) is essential for modern development practices.
• Static analysis tools often produce high rates of false positives, wasting developer time.
• Organisations must adapt security practices to include both finding and fixing vulnerabilities.
• The integration of AI in security tools can streamline vulnerability management.
• Dynamic validation of static scan results can reduce noise in security findings.
• CISOs must collaborate with DevOps teams to ensure security is integrated into development.
• The rise of AI has introduced new types of vulnerabilities that need to be addressed.
• Security practices must evolve to keep pace with rapid technological changes.

Chapters

00:00 The Evolution of Application Security

03:41 AI's Impact on Code Generation

09:39 Challenges of Traditional Security Tools

16:31 Integrating AI in Security Solutions

21:20 Future of Security in AI-Driven Development

What if there is no next wave? What happens when every malicious email is now uniquely written by AI, personalised at scale, and never seen before?

In the recent episode of The Security Strategist podcast, host Richard Stiennon spoke with Alan LeFort, CEO of StrongestLayer, and Eric Sanchez, CISO at Global Law Firm, about how generative AI is reshaping email security — and why many traditional defences may already be obsolete.

Why is Email the Open Door to Attacks?

Stiennon questions what many security leaders tacitly ask – If most enterprises run on Microsoft’s ecosystem, why does a separate email security market even exist?

LeFort responds, stating that attackers are economically rational. They go where entry is cheapest and easiest. For decades, email has been that open door.

However, the industry has changed. First came secure email gateways built on rules and regex. Then, machine learning systems are trained to distinguish “normal” from “abnormal.” Both improved detection rates and both reduced risk.

But both depend on historical data. They need to have seen an attack before to stop it again.

Generative AI is believed to have changed that. It enables attackers to create perfectly written, highly personalised phishing emails at near-zero cost. According to a study from the Harvard Kennedy School, AI-generated phishing achieved a 54% click rate among trained employees — more than four times the baseline. Even more concerning, the cost of crafting those emails dropped from roughly $15–$20 in labour to just a few cents.

That economic shift is seismic. When every email can be unique, the pattern is difficult to spot, signatures are not updated, and a “previous attack” to learn from is nonexistent.

Is Alert Fatigue the Hidden Crisis?

While breach headlines dominate the industry, Sanchez spotlights a quieter operational threat – alert fatigue.

At Orrick, a global law firm handling hundreds of thousands of emails each month, traditional security tools generate a steady stream of alerts. Many turn out to be benign. Analysts triage, close, repeat, Sanchez shared that, over time, the burden compounds. Security teams spend less time stopping real attacks and more time managing noisy systems.

LeFort argues that false positives are not merely tuning problems — they are architectural problems. Most detection systems rely on a single scoring threshold. If something crosses the line, it’s flagged. If it doesn’t, it passes.

A key insight to note is that deception alone isn’t malicious intent. Marketing emails are persuasive and sometimes manipulative, yet harmless. A credential-harvesting email, on the other hand, carries real risk. Treating both on the same scoring axis inevitably creates noise.

From Pattern Matching to Reasoning

StrongestLayer’s approach, as described by LeFort, moves away from pure pattern recognition and toward reasoning. Instead of asking, “Does this match something bad we’ve seen before?” the system evaluates multiple dimensions: What harm would occur if this succeeds? Is it anomalous for this recipient? What is the sender’s likely intent? How much deception is present?

Crucially, it weighs evidence of innocence alongside evidence of guilt — akin to how opposing arguments are weighed in a courtroom.

Such a multi-dimensional analysis, LeFort believes, dramatically reduces false positives while still catching novel threats. For Sanchez, the operational benefit is tangible. He describes scenarios where traditional gateways failed to detect unusual phishing techniques, including Unicode-based obfuscation. A reasoning-driven system flagged the anomaly not because it recognised a known signature, but because the structure and context “didn’t make sense.”

That distinction is critical. AI-generated attacks do not need to repeat. They only need to work once.

What key Challenges will Security Teams Face within 2 Years?

All speakers agree that over the next 12 to 24 months, security teams face a dual challenge of sophistication and scale. AI lowers the cost of creating attacks and automating personalisation. When volume increases, precision increases and speed increases.

LeFort emphasises that organisations evaluating AI security tools should look beyond detection rates. Automation matters just as much. Does the system eliminate operational drag? Does it allow analysts to focus on strategic threats rather than inbox noise?

The consensus is that email remains the most common entry point into organisations. What has changed is the attacker’s economics. When personalisation costs pennies and sophistication is automated, defenders must respond in kind.

The question is no longer whether AI will influence email security. It’s already influencing email cybersecurity across enterprises. The real question is whether an enterprise's defences are still waiting to see the attack twice.

Key Takeaways

1. AI-generated attacks break detection models that rely on past patterns.
2. Email remains the easiest and most economical entry point for attackers.
3. Traditional tools force security teams into a reactive cycle.
4. Effective AI defence must evaluate context, not just rules.
5. Automation is now as critical as detection accuracy.
6. Stopping the first and only attack is the new security standard.

Chapters

00:00 Introduction to Cybersecurity and AI's Role

03:00 The Email Security Landscape and AI's Impact

05:49 Understanding Alert Fatigue and Its Consequences

08:52 Innovative Approaches to Email Security

11:48 The Necessity of AI in Modern Security

14:55 Future Priorities for Security Leaders

17:57 Conclusion and Key Takeaways

#EmailSecurity #AICybersecurity #GenerativeAI #Phishing #B2BSecurity #EnterpriseSecurity #CyberAttack #SecurityStrategist #StrongestLayer #AlertFatigue #CISO #TechPodcast #InfoSec #CyberDefence

In the recent episode of The Security Strategist Podcast, Abhi Sharma, Co-Founder and CEO of Relyance, speaks to Host Richard Stiennon, Chief Research Analyst at IT-Harvest.

Sharma tells Stiennon that most security tools are still built for a world before AI. In that world, data stays still long enough to be scanned, categorised, and managed. AI changes this model.

“We’re in the middle of a tectonic shift,” Sharma said. “For the first time, software behaviour is not just defined by the instructions you give it, but by the data in and around it.”

In modern AI systems, data is no longer just an asset. It becomes an instruction. The quality, frequency, distribution, and even the absence of data directly influence how models and agents function. This reality makes traditional security models dangerously incomplete.

“People are very good at answering what data they have and where it’s stored,” Sharma explained. “But they can’t answer how it got there or what happened along the way.” He argues that this missing context is where AI risk now resides.

Agentic AI Turns Data Movement Into Real Security Risk

The issue becomes critical with agentic and autonomous AI workflows. Here, decision-making is not based on fixed code but on a large language model operating in real-time.

“In these systems, your control logic is an LLM,” Sharma said. “It’s a black box.”

To complete tasks, AI agents must access tools, look at past decisions, copy production data, and dynamically manage infrastructure. In doing so, they create what Sharma calls ephemeral infrastructure—temporary environments that may exist for minutes and disappear without a trace.

For example, an agent working to improve cloud costs might create a high-performance database cluster, copy sensitive logs into a staging area, analyse them, and shut everything down in under 20 minutes.

“But in that process,” Sharma warned, “a default Terraform script might leave four S3 buckets open to the internet.” Traditional security scans, which often run every 24 hours, would never catch this.

“You don’t even know this little circus happened while you were asleep,” he said. “But it created a new risk.”

This is why Sharma believes that breaches in the AI era are no longer failures of data at rest but failures of data flow. Attackers don’t target identities or tools in isolation; they target outcomes—especially the theft or destruction of data. Those outcomes occur through movement over time.

Data Journey Solution for Responsible AI

Despite the widespread use of DSPM, DLP, IAM, AI gateways, and governance platforms, Sharma sees the same pattern in the Fortune 500: security incidents continue not because the tools lack usefulness, but because they operate in silos.

“All of the real business impact,” he said, “comes down to flow.”

Relyance’s solution is what Sharma calls data journeys—a unified, time-aware view of how data moves across identities, tools, infrastructure, and persistent assets. “If you can consistently reason across all of those layers,” Sharma said, “you finally have a chance to protect data and enable safe, responsible AI.”

Looking ahead to 2026 and beyond, he predicts security, governance, and compliance will merge around this shared visibility. Organisations will move away from simple audits toward infrastructure that builds trust by design.

Sharma challenges every CIO, CISO, and CTO at the end stating:

“Can you always reason about what human or non-human identities, using which tools or agents, took what actions that led to specific data flows over time?”

“If you can answer that,” he said, “there is no other way to control AI risk.”

In the age of autonomous AI, knowing where your data lives is essential. Knowing its journey may be the only thing standing between innovation and the next breach.

Takeaways

1. Conventional data maps are becoming obsolete in AI.
2. Data security must focus on real-time data flows.
3. Understanding data journeys is crucial for security.
4. Siloed security tools fail to address real risks.
5. AI agents create ephemeral infrastructure that complicates security.
6. The future of data security lies in dynamic data journeys.
7. Security, governance, and compliance teams must converge.
8. Trust in data security requires visibility and obligations balance.
9. AI will necessitate new approaches to data governance.
10. CIOs must prioritise reasoning about data flows.

Chapters

1. 00:00 Introduction to AI and Data Security
2. 01:36 The Shift from Space to Time in Data Security
3. 03:42 Understanding Data Flow and Security Challenges
4. 07:18 Siloed Security Tools and Their Limitations
5. 09:52 Dynamic Data Journeys: A New Approach
6. 11:37 The Role of AI in Data Security
7. 12:58 Convergence of Security, Governance, and Compliance
8. 15:07 Key Takeaways for CIOs and Security Leaders

#AISecurity #DataFlow #Cybersecurity #AgenticAI #DataJourneys #DLPisDead #DSPM #LLMSecurity #EphemeralInfra #DataSecurityRisk #CISO #CIO #CTO #DataGovernance #RiskManagement #TheSecurityStrategist #RelyanceAI #AbhiSharma #TechPodcast #LLMSecurity #EphemeralInfra #DataSecurityRisk

Follow: @EM360Tech on YouTube, LinkedIn and X

Relyance YT: @Relyance

Relyance LinkedIn: https://www.linkedin.com/company/relyanceai/

Relyance X: @relyanceai

As AI-driven attacks increase and cybercrime combines digital, physical, and reputational risks, executives and their close contacts have become prime targets. Protecting the business now involves protecting executives in their personal lives.

Broad Attack Surface: Private & Corporate Properties

Pierson points out that cybercriminals follow basic economic principles. Attacking a company that spends millions on security is costly and time-consuming. Instead, targeting an executive’s personal life—home networks, private emails, family devices—is cheaper, quicker, and often much more effective.

Executives work in various environments–primary homes, vacation properties, private jets, yachts, and remote offices equipped with smart home technology. Each of these locations broadens an attack surface that traditional corporate security programs rarely address. Home automation systems, private Wi-Fi networks, and personal email accounts have become part of the corporate risk landscape, regardless of whether organisations recognise this.

Pierson notes that taking over personal email accounts continues to be the number one attack method, especially for board members who often revert to personal accounts instead of using corporate options. Once attackers gain access, they can steal intellectual property, intercept financial transactions, or link back into the corporate network. The executive home, he states, is no longer just near the perimeter—it is the perimeter.

AI, Deepfakes, and the Rise of Targeted Impersonation

The discussion becomes even more pressing when addressing AI-enabled threats. Deepfakes, once a possibility, are now practical tools for fraud and extortion. Pierson spotlights a critical incident in early 2024, when a deepfake impersonation of a CFO allowed attackers to move tens of millions of dollars in one event.

AI has removed much of the background work attackers used to do. Public executive biographies, earnings calls, videos, and high-resolution images provide everything needed to imitate a voice or face. What used to take days to research can now happen in mere seconds. This leads to a rise in hyper-realistic business email scams, payment diversion schemes, and reputational attacks that make it hard to distinguish between truth and lies.

Beyond financial losses, the reputational and personal fallout can be significant. Family members can become collateral damage, private moments can turn into leverage, and the risks to physical safety rise when travel plans and locations become known. As Pierson stresses, digital and physical executive protection are now interconnected.

The podcast message relays–high-level threats require specialized defenses. BlackCloak’s strategy, which Pierson refers to as “Digital Executive Protection,” safeguards a small but vital group: board members, the C-suite, executive leaders, and key personnel like patent holders, system administrators, executive assistants, and chiefs of staff. These individuals hold essential information, and attackers are aware of this.

For security leaders, the question is no longer whether this risk exists, but how quickly they can act to mitigate it. In an age of AI-driven cybercrime, reducing the executive attack surface may be the most crucial security investment an organisation can make.

Takeaways

1. Digital Executive Protection is essential for modern security strategies.
2. AI is changing the landscape of cyber threats significantly.
3. Home networks are increasingly becoming targets for cybercriminals.
4. Reputational risks can affect not just individuals but their families, too.
5. Deepfakes pose a new level of threat to corporate executives.
6. Organisations must consider the personal lives of executives in their security plans.
7. The attack surface for executives is expanding beyond the corporate environment.
8. Cybersecurity must evolve to address the vulnerabilities of home networks.
9. Protecting key personnel is crucial for maintaining corporate integrity.
10. BlackCloak specialises in providing Digital Executive Protection services with concierge support.

Chapters

1. 00:00 Introduction to Digital Executive Protection
2. 02:53 The Evolving Threat Landscape
3. 06:04 AI's Role in Cybersecurity Threats
4. 09:05 Home Networks as New Battlegrounds
5. 11:54 Reputational and Financial Risks
6. 14:56 Extending Protection Beyond Executives
7. 17:01 Final Thoughts and Recommendations

#DigitalExecutiveProtection #Cybersecurity #ExecutiveProtection #AICyberAttacks #Deepfakes #CyberRisk #HomeSecurity #CISOs #CorporateSecurity #TechPodcast #Cybercrime #BlackCloak

Follow: @EM360Tech on YouTube, LinkedIn and X BlackCloak YT: @blackcloakcyber2494 https://www.linkedin.com/company/blackcloak/ BlackCloak LinkedIn: @BLACKCLOAK BlackCloak X: @BlackCloakCyber

In the recent episode of The Security Strategist podcast, Raz Rotenberg, CEO and Co-Founder of Fabrix Security, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest.

“Everything we knew about identity is about to change,” Rotenberg cautioned Stiennon. “We’ve viewed identities as mostly static. But AI agents are dynamic. They can do various tasks, change their behaviour, vanish, and reappear. Static identity models won’t survive.”

The Unplanned Identity Explosion

Identity has always been complex, but the scale and variety of identities that security teams face today are unprecedented. Besides employees and contractors, organisations now deal with service accounts, cloud workloads, APIs, and increasingly, AI-driven agents that function on their own.

According to Rotenberg, the challenge isn't just the number of identities; it's their variability. “The number of ways identities can behave is infinite,” he explained. “Every organisation is unique, every system is distinct, and identities are now changing in real time.”

CISOs already see this explosion. Stiennon also noted during the podcast that AI is quickly becoming a major source of new identities, with agents being deployed widely and given credentials to operate at machine speed.

However, most identity programs still depend on static role-based models and periodic reviews, approaches that struggle to keep up with dynamic, non-human agents.

Multiple Identity Tools Can Lead to Hidden Risks

Despite a crowded identity security market with hundreds of vendors in IAM, PAM, IGA, and cloud identity, Rotenberg argues that the main issue is not a lack of tools.

“We’ve had identity tools for decades,” he said. “They do a good job of facilitating operations aimed at reducing risk. But they all miss the same point – they rely too much on the human factor.”

Each tool, he explained, only sees a part of the identity landscape. Identity providers handle authentication, PAM tools manage privileged access, and governance platforms oversee reviews. None provides a unified, real-time view of identity behaviours across systems.

The Fabrix CEO calls it “partial truth.” Security teams dealing with identity issues have to manually gather data from various platforms, piece it together, and make decisions with incomplete information.

“This leads to long review cycles, manual investigations, and over-provisioning by default,” he said. “Permissions get copied and duplicated because people don’t fully grasp who has access to what or why.”

This can often lead to unclear decisions, with the organisation handing out more permissions than fewer. Eventually, it creates sprawling identity landscapes filled with excessive privileges and risky combinations. In some cases, an individual might have limited rights in one system but full control in another without anyone noticing.

“Misconfigurations can occur between systems,” Rotenberg noted. “Things don’t align. And without a unified view, these risks remain hidden.”

The Need for Identity Intelligence Layer

Fabrix’s solution to this fragmentation is what Rotenberg calls an identity intelligence layer. This layer brings together existing identity tools without replacing them. They aim to continuously gather signals from IAM, PAM, IGA, cloud platforms, and other sources, then process them in real time.

“It’s not about tearing everything out,” Rotenberg said. “Each tool serves a purpose. But when you connect them through an intelligence layer, you can finally understand your entire identity framework.”

This intelligence layer aims to lessen reliance on manual decision-making. By providing contextual insights and recommendations at the moment decisions need to be made—and eventually automating those decisions—it addresses what Rotenberg sees as identity security's weakest link – human judgment at scale.

“Even if you set good policies, enforcing them continuously and at scale is impossible without automation,” Rotenberg said. “There’s simply too much data.”

Over time, he envisions identity systems that not only provide insights but also manage access automatically. They would revoke permissions, flag anomalies, and adjust as identity behaviours change.

“Rather than enforcing more rules,” Rotenberg added, “we need intelligence layers that constantly understand who has access, why that access exists, and whether it still makes sense.”

Watch the podcast at em360tech.com. For more information, please visit fabrix.security.

Takeaways

1. Identity security is becoming increasingly pivotal in modern organisations.
2. The complexity of managing identities is compounded by the rise of AI agents.
3. An intelligence layer is essential for effective identity security.
4. Automation is crucial for managing identity security at scale.
5. Fragmented identity management systems lead to operational inefficiencies and increase risk.
6. Organisations often have over-permissive identities due to poor management practices.
7. Integrating existing tools with an intelligence layer can enhance security.
8. CISOs need to rethink their identity architecture for future flexibility.
9. Identity security is shifting from a static to a dynamic approach.
10. Continuous monitoring and adaptation of identity access is key.

Chapters

1. 00:00 Introduction to Identity Security Challenges
2. 02:53 The Role of Identity Intelligence
3. 05:38 Operational Inefficiencies in Identity Management
4. 08:49 Integrating Intelligence into Existing Tools
5. 11:43 Rethinking Identity Architecture for AI Agents

About Fabrix Security

Fabrix Security builds AI Agents designed specifically for identity security. With identities multiplying across SaaS, cloud, and on-prem environments, Fabrix equips IAM teams with the intelligence to make confident, explainable access decisions – right at the moment of decision.

By infusing AI into identity security, Fabrix closes today’s biggest gap: visibility and intelligence. It enhances existing IAM workflows with speed, consistency, and accuracy, cutting through the chaos of manual, context-less decision-making. From user access reviews and access requests to full identity lifecycle management and AI-agents governance, Fabrix delivers intelligent, scalable, and proactive identity security.

#IdentitySecurity #AIagents #Cybersecurity #CISO #IAM #FabrixSecurity #FutureofIdentity #TechPodcast #TechPodcast #CloudSecurity #DynamicIdentity #SecurityIntelligence #FutureofIdentity #InfoSec

Understanding the IoT-OT Disconnect

As time passes, the historical divide between IT and OT persists. As highlighted by Dr Kraemer, the operational technology sector has traditionally prioritised physical safety and availability over data confidentiality. This disconnect has created a significant gap in security policies, leaving IoT devices vulnerable to exploitation. The conversation emphasises that as organisations connect these previously isolated systems to IT networks, they inadvertently expose themselves to new risks, demanding a reevaluation of security strategies.

Addressing Security Challenges

Dr Kraemer points out that securing data access is critical, especially for organisations that deploy IoT devices across multiple sites. For instance, managing security for an elevator company with installations worldwide presents unique challenges. Organisations must navigate various networks and ensure compliance with new legislative requirements, such as the Cyber Resilience Act and NIS2 directive. These regulations demand a structured approach to security that many legacy OT environments struggle to meet.

The Importance of Unified Data Management

As IoT solutions proliferate, organisations often find themselves managing a patchwork of legacy systems and newer platforms. Dr Kraemer advocates for a hybrid approach, suggesting businesses create a unified data plane that integrates new and old systems. This strategy allows organisations to maintain operational continuity while gradually transitioning to modern platforms, ultimately leading to enhanced innovation and efficiency.

Buy and Build Strategy

A significant takeaway from the podcast is the concept of “buy and build.” Instead of choosing between purchasing a platform or developing one in-house, organisations should leverage established platforms like Cumulocity while also building innovative applications tailored to their specific needs. This dual approach allows businesses to focus on high-value projects without getting bogged down by the complexities of underlying infrastructure.

The dialogue sheds light on the pressing need for organisations to adapt their cybersecurity strategies to accommodate the complexities of IoT and OT environments. By understanding the historical disconnect, addressing security challenges, and adopting a buy and build approach, enterprises can improve their cybersecurity posture and drive innovation in an increasingly interconnected world.

To find out more, visit https://www.cumulocity.com/

Takeaways

• IoT devices are often treated as secondary in security policies.
• The historical divide between IT and OT creates security challenges.
• Organisations struggle with integrating legacy and modern IoT systems.
• A buy-and-build strategy allows for innovation while ensuring security.
• Deployment flexibility is crucial for global IoT operations.
• Data silos hinder effective analytics and AI integration.
• A unified data lake can enhance insights from IoT data.
• Regulatory compliance is a growing concern for IoT security.
• Organisations need to enforce strong security measures across the entire IoT lifecycle.
• IoT should be viewed as a data-driven business opportunity rather than just a connectivity issue.

Chapters

00:00 Introduction to IoT Security Challenges

04:01 The Disconnect Between IT and OT Security

10:00 Challenges in Integrating IoT Platforms

17:09 Buy and Build Strategy for IoT

20:08 Modern Data Pipelines and AI Integration

24:07 Bridge between AIOT and IOT

28:02 Best Practices for IoT in Risk Management

On this episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, spoke with Daniel Martin, Director of Product Management at Rapid7. They discussed how modern Security Operations Centres (SOCs) are evolving, where AI truly adds value, and why outcomes—not features—should guide cybersecurity teams.

A recurring theme in their discussion was that while the threat landscape continues to evolve, many core challenges for SOCs remain unchanged. According to Martin, security teams still struggle with alert fatigue, lack of context, and the pressure to respond quickly—all while juggling increasingly complicated domains.

Organisations now require detection and response that is tailored to their specific environment, not generic threat models. Such a shift explains the rise of Managed Detection and Response (MDR) and the decline of one-size-fits-all managed security services. Customers want results, not noise, and they seek partners who understand their business context.

Martin says that this philosophy lies at the heart of Rapid7’s approach to Incident Command, its modern Security Information and Event Management (SIEM) offering. Instead of treating SIEM, Security Orchestration, Automation, and Response (SOAR), and threat intelligence as separate tools, Incident Command integrates them directly into the analyst workflow. The aim is to provide decision support in real-time—delivering relevant context, threat intelligence, and recommended actions exactly when needed, without making analysts switch between different systems.

Martin emphasised that a modern SIEM's success isn’t measured by the amount of data it can handle, but by how effectively it helps analysts make high-quality decisions quickly. Automation is important, but only if it’s applied thoughtfully. Deterministic automation, which includes actions that are predictable, auditable, and repeatable, remains vital for security operations. AI is most useful when it aids reasoning, summarisation, and prioritisation instead of completely replacing human judgment.

“There’s a lot of excitement around autonomous security,” Martin noted, “but chaining unpredictable decisions together is not something customers can trust.” Instead, Rapid7 focuses on using AI to assist analysts at specific moments in an investigation, such as summarising activity, adding context to alerts, or helping decide if more data collection is needed.

Also Watch: Is Your Attack Surface a Swiss Cheese? Solving Attack Surface Management (ASM) Challenges

“Customer Zero” Approach

A key aspect of Rapid7’s product development is its “customer zero” approach. By running its own global MDR SOC, Rapid7 continuously incorporates real analyst feedback into product design. Martin shared that an early mistake was putting AI-driven insights in a separate interface to avoid disrupting workflows; this was quickly corrected after analysts indicated they wouldn’t leave their main view to check a secondary opinion. The lesson was clear: if context matters, it must be available where decisions are made.

Looking ahead to 2026, Martin sees the next step in detection and response as increased visibility combined with better management of the environment. Customers expect MDR providers and security platforms to gather signals beyond traditional EDR and cloud alerts—without overwhelming analysts with extra noise. He believes that achieving this balance is where AI-assisted automation and context-aware workflows will have the greatest impact.

When asked for a final takeaway for CISOs and IT leaders, Martin returned to a theme that ran throughout the conversation: focus on results. It’s easy to be distracted by flashy new features or the latest AI trends, but security improves only when organisations clearly define their goals. When customers express their priorities and vendors align with them, trust increases—and meaningful progress follows.

In a landscape full of tools and promises, Martin believes the future of security operations isn’t about removing humans from the process. It’s about empowering them with the right context, effective automation, and AI that enhances—not replaces—the most important decisions.

Takeaways

1. Organisations are still facing the same core challenges in cybersecurity despite technological advancements.
2. There is a growing demand for more environmental context in detection and response.
3. MDR services are evolving to focus on partnerships rather than just product delivery.
4. Rapid7's Incident Command aims to improve decision support in SOC operations.
5. Automation should be frictionless and integrated into the analyst's workflow.
6. Deterministic automation is crucial for reliable security outcomes.
7. Analysts need to learn from real-time data to enhance response strategies.
8. The future of detection and response will involve broader visibility and ownership of customer environments.
9. Building trust with customers is essential for effective cybersecurity partnerships.
10. Focusing on customer outcomes is key to improving security operations.

Chapters

1. 00:00 Introduction to Cybersecurity and AI Innovations
2. 02:01 Shifts in SOC Operations and Customer Challenges
3. 04:29 MDR Services: A New Approach to Cybersecurity
4. 06:02 Rapid7's Incident Command: Enhancing SIM with Context
5. 08:26 Automation in Cybersecurity: Balancing Efficiency and Control
6. 11:01 Learning from Analysts: Enhancing Response and Automation
7. 12:43 The Future of Detection and Response in Cybersecurity
8. 14:23 Key Takeaways for Security Leaders

#Cybersecurity #Rapid7 #SecurityStrategistPodcast #AIinSecurity #SecurityOperations #SOC #MDR #SIEM #SOAR #IncidentCommand #ThreatDetection #Response #Automation #HumanLedAIDriven #TechPodcast #FutureofSecurity #CISOTakeaways #ITLeaders

Guest: John Amaral, Co-Founder & CTO, Root.io

Host: Chris Steffen, VP of Research, Enterprise Management Associates (EMA)

For over a decade, shift-left security has been the leading idea in DevSecOps. The concept was straightforward: move security earlier in the software development process so vulnerabilities could be fixed more quickly and cheaply.

However, new benchmark data suggests that the reality is quite different.

In the latest episode of The Security Strategist podcast, Chris Steffen sat down with John Amaral, Co-Founder and CTO of Root.io, to discuss why shift-left has stalled and why autonomous remediation and “shift-out” security is the best option moving forward.

One striking data point mentioned in the episode comes from the Shift-Out Benchmark Report by Root. It reveals that 82 per cent of organisations say they are confident in their shift-left strategy; however, only four per cent have achieved zero CVE backlog.

“That four per cent shocked me,” Steffen expressed during the conversation. “Honestly, it felt high.”

Amaral explained that this gap exists because the industry has focused on detection instead of remediation. “We built CVE detection at computer speed,” Amaral noted. “But remediation has never scaled beyond human speed.”

Modern pipelines can quickly identify vulnerabilities, open tickets, and generate extensive lists. However, the actual work of fixing those vulnerabilities still falls on engineering teams.

Detection Scales but Humans Don’t

Shift-left claimed that developers could fix security issues faster because they work closely with the code. In reality, that assumption falls apart, particularly for third-party and open-source dependencies.

The Root CEO added that developers are being asked to fix code they didn’t write, don’t own, and don’t understand. “They want to build features, not reverse-engineer open-source libraries.”

With over 90 per cent of modern applications built by leveraging open-source models, fixing vulnerabilities often depends on upgrades. Often, this ends up forming a risky trade-off.

Upgrading dependencies has long been the go-to remediation strategy. However, recent supply-chain attacks—like “Sha1-Hulud-style malware injections”—have shown how dangerous blind upgrades can be.

“If you compromise a popular repository at the right moment, malware can spread to millions of downstream projects in minutes,” Amaral warned.

Organisations now face a difficult choice between upgrading automatically and risking a malware spread or pinning dependencies that build CVEs hard to fix quickly. “Pinning protects you from supply-chain attacks,” Amaral says, “but now you’ve created a CVE backlog you don’t have the resources to clear.”

What Is “Shift-Out” Security?

Instead of focusing remediation efforts earlier (shift-left), Amaral suggests organisations need to shift it out—removing the responsibility from developers entirely.

Shift-out security stresses on pinned dependencies to prevent untrusted upgrades, automated backporting and patching for known CVEs and AI-backed remediation that operates independently of engineering teams.

“Remediation shouldn’t be done by your engineers,” the co-founder of Root tells Steffen, “It should be managed by technology that operates at the same speed as detection.”

This method allows organisations to keep tight control over dependencies while still meeting service level agreements for critical and high-severity vulnerabilities.

“In 2026, you need a real dependency management strategy—one that assumes supply-chain attacks will keep happening,” Amaral added.

With state actors increasingly targeting open-source environments, the stakes continue to rise. “Sha1-Hulud is just the tip of the iceberg,” Amaral concluded. “This will happen again and again. You need to be ready.”

Shift-left helped organisations identify their risk, but it didn’t eliminate it. As vulnerability backlogs increase and engineering teams face burnout, autonomous remediation and shift-out security are becoming the next step in DevSecOps.

To learn more about this approach, visit Root.io or listen to the full episode of The Security Strategist podcast on EM360Tech.

Takeaways

1. The shift left approach is not yielding the expected results.
2. Only 4% of teams have achieved zero CVE depth, indicating a significant gap in vulnerability management.
3. Remediation processes have not scaled with the speed of detection, leading to a backlog of vulnerabilities.
4. Engineers prefer to work on first-party code rather than third-party open source libraries, complicating remediation efforts.
5. Burnout among engineers is a critical issue due to the overwhelming vulnerability management tasks.
6. Security is increasingly viewed as a business problem, impacting organisational success.
7. Effective vulnerability management requires a shift towards autonomous remediation.
8. Pinning dependencies can help mitigate risks associated with open source vulnerabilities.
9. The Shia Lute attack exemplifies the risks of automated upgrades in software supply chains.
10. Organisations need a cogent strategy for managing software dependencies to stay ahead of security threats.

Chapters

1. 00:00 Introduction to Cybersecurity Challenges
2. 03:00 The Shift Left vs. Shift Out Debate
3. 05:48 Understanding Vulnerability Management
4. 08:58 The Role of Open Source in Security
5. 11:40 Impact of Vulnerability Remediation on Engineering Teams
6. 15:00 The Business Perspective on Security
7. 18:02 Autonomous Remediation and Its Importance
8. 20:47 Strategies for Effective Vulnerability Management

#Shift-leftsecurity #vulnerabilitymanagement #autonomous

remediation #softwaresupplychainsecurity #CVEbacklog #DevSecOps #Root.io #EM360Tech #dependencymanagement #shift-outsecurity

They particularly dive deep into the critical importance of API visibility and discovery in the context of rising AI integration within enterprises. They discuss the challenges organisations face in securing APIs, the significance of understanding the attack surface, and the role of governance in managing risks.

The conversation also covers the emerging Model Context Protocol (MCP) and its implications for API security, as well as the future landscape of cybersecurity as AI systems become more autonomous. Schwake emphasises the need for CISOs to be proactive in engaging with AI projects to ensure security is prioritised.

If this system isn’t secured, the entire organisation faces risks.

APIs: The Foundation of AI

APIs have been vital to business structures for years, especially with the growth of microservices. However, Schwake argues that AI has changed the scale of the issue significantly.

“We saw a big increase in the number and usage of APIs when microservices became popular,” Schwake explained. “Now, with AI, it’s just 10 times or even 100 times whatever it is for APIs.”

While much of the industry talk has centred on large language models (LLMs), Schwake emphasised that the real actions—and risks—occur one layer below.

“Everything happening is driven by APIs. The AI agents, the MCP servers, the agents communicating with the LLMs—all of it is API traffic.” In essence, AI may represent innovation, but APIs are the mechanisms that enable it.

API is the “Nervous System” Organisations Overlook

As companies rush to implement copilots, agents, and automation, security often takes a back seat. Schwake warned that this creates a dangerous blind spot. “You need to ensure that you’re securing that underlying nervous system of this new world—and that relies on APIs.”

This lack of attention has resulted in a surge of unknown, unmanaged, and “shadow” APIs, many of which were never documented or designed with security in mind. Without continuous discovery, security teams might not even know what they are trying to protect.

“Visibility is a challenge in security. If you don’t have visibility, you can’t see what you’re protecting—you’re essentially out of luck.”

Discovery First, Governance Second

For the Director of Cybersecurity Strategy, API security begins with understanding the attack surface. This principle hasn’t changed in 20 years, but AI has made it more crucial. “With AI, the attack surface on APIs could grow tenfold. If you don’t have a grasp of that attack surface, you won’t be able to protect it.”

After identifying APIs, the next step is governance. This includes finding owners, setting rules, and reducing risks before attackers exploit vulnerabilities. “You want to ensure that there isn’t a big open gap inviting attackers.”

This becomes even more important as AI tools start writing code and generating APIs, raising both speed and risk.

Schwake concluded the discussion with a clear message for security leaders. “From a CISO perspective, ensure that you engage as early as possible with these projects.”

AI initiatives often start outside of traditional security processes, increasing risk by default. CISOs need to insert themselves early, understand business developments, and safeguard the underlying APIs. “You want to support business success and speed, but also ensure it’s secure.”

API security is no longer a secondary issue. It’s essential for determining whether innovation can scale safely or risks becoming the next major breach story.

Takeaways

1. API visibility and discovery have become crucial due to the rise of AI.
2. Organisations are experiencing a massive increase in APIs.
3. Visibility is essential for effective security management.
4. Understanding the attack surface is key to protection.
5. Governance is necessary to mitigate risks after discovery.
6. MCP serves as a foundational layer for AI communication.
7. The future of API security is rapidly evolving and uncertain.
8. CISOs must engage early in AI projects to ensure security.
9. Security should be integrated into AI development from the start.
10. Organisations need to be aware of AI-related security threats.

Chapters

1. 00:00 Introduction to API Security and Visibility
2. 01:24 The Rise of APIs and AI in Cybersecurity
3. 05:04 Challenges in Securing APIs and AI Integration
4. 07:08 Discovery and Governance of APIs
5. 09:02 Understanding MCP and API Interactions
6. 11:04 Future of API Security in an AI-Driven World
7. 13:37 Key Takeaways for CISOs

#AI #Cybersecurity #APISecurity #AIAgents #AutonomousAI #techpodcast #CISO #APIVisibility #ShadowAPIs #DigitalTransformation #SecurityStrategist

Matt Fangman, Field CTO at SailPoint, explains on The Security Strategist podcast that this new power has costs. AI agents have turned into a new, mostly unmanaged identity type. Enterprises are just starting to realise how far behind they are.

In the recent episode of The Security Strategist podcast, guest Fangman sat down with Alejandro Leal, Senior Analyst at KuppingerCole. They talked about the implications of AI agents for identity security and the rapid evolution of AI agents, the challenges of visibility and governance, and the need for operational control in managing these agents.

The conversation highlights the importance of just-in-time permissions, the evolution of identity controls, and strategic moves for CISOs to manage the risks associated with agent-based operations.

AI Agents Creating Brand New Identity Layers

Fangman notes a turning point in the last 12 to 18 months, driven by the fast development of large language models (LLMs). These models gave agents the reasoning and autonomy to change from toys in a sandbox to real virtual workers.

Organizations can now train agents with goals, equip them with tools, and connect them to one another. Since these agents do not tire, slow down, or forget, companies see a chance to grow their workforce without hiring new people.

The issue is: They didn’t establish identity controls for these AI workers.

“They’ve created a brand-new layer of identities,” Matt says, “but without the protections, ownership, or visibility that exist for humans.”

Shadow agents, sometimes numbering in the thousands, operate unnoticed. Identity teams are unaware of them, security teams can’t monitor them, and cloud teams might spot them briefly in a dashboard, thinking they are someone else’s issue. Meanwhile, the agents themselves explore, share tools, and adapt.

It’s a governance gap that keeps widening.

When Leal asks how the industry should respond, Fangman answers: “Start by treating agents like people. Give them roles. Define what they can access. Apply entitlements. Enforce policy.”

When asked for advice for CISOs and what they should do before agents start to overwhelm security programs?

The SailPoint Field CTO recommends beginning with inventory. If an organisation does not know what agents exist, what they access, or what they are doing, nothing else matters. Assigning each agent a corporate identity and tracking its behaviour is the essential foundation for everything that follows.

Takeaways

1. AI agents are becoming operational actors in business systems.
2. The lack of visibility into agents creates governance risks.
3. Just-in-time permissions are essential for managing agents.
4. Agents are evolving into peer systems within organisations.
5. Identity management is shifting towards relationships and context.
6. CISOs need to inventory and track agent behaviour.
7. Behaviour logging is crucial for ensuring agent compliance.
8. Identities for agents will be a new focus area.
9. Control of basic identity management practices is vital.
10. The evolution of AI agents is reshaping identity security.

Chapters

1. 00:00 The Rise of AI Agents in Identity Security
2. 03:14 Challenges of Visibility and Governance
3. 05:51 Building an Operational Control Plane
4. 09:03 Evolving Identity Controls for Multi-Agent Systems
5. 12:08 Strategic Moves for CISOs in Managing Agents

In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, sits down with Pascal Geenens, VP of Threat Intelligence at Radware, to discuss why CISOs need to rethink their long-held beliefs about attackers, users, and what “web traffic” really means in an AI-driven world.

They talk about the dual nature of AI in cybercrime, the emergence of new tools that facilitate attacks, and the importance of automated pen testing as a defence strategy. The conversation also highlights vulnerabilities associated with AI assistants, such as indirect prompt injection, and emphasises the need for organisations to adopt best practices to safeguard against these threats.

Also Watch: From Prompt Injection to Agentic AI: The New Frontier of Cyber Threats

AI Attacks Lower the Barrier for Cybercrime

Geenens tells Stiennon that AI’s biggest effect on security is not a new type of futuristic attack but rather its scale and accessibility. Tools like WormGPT, FraudGPT, and advanced platforms like Xanthorox AI provide reconnaissance, exploit development, data analysis, and phishing as subscription-based services. For a few hundred dollars each month, attackers can access AI-assisted tools that cover the entire cyber kill chain.

This “vibe hacking” model resembles vibe coding. Attackers describe their goals in natural language, and the AI generates scripts, reconnaissance workflows, or data extraction logic. While these tools have not fully automated attacks from start to finish, they significantly lower the skills needed to engage in cybercrime. As Geenens explains, attackers can now target hundreds or thousands of organisations simultaneously, a task that once required large teams.

Attackers can now afford to fail repeatedly as part of their learning process, while defenders cannot. Even flawed AI-generated exploits speed up scanning, vulnerability detection, and phishing at levels that security teams find challenging to handle. The result is a threat landscape that uses familiar techniques but operates with greater speed and intensity.

Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS Challenges

AI Assistants & Browsers Creating Invisible Data Leak Risks

The second, and more alarming, change that the VP of Threat Intelligence emphasises occurs within companies themselves. As organisations use AI assistants and AI-powered browsers, they delegate authority along with convenience. These tools require access to emails, documents, and business systems to be effective, and this access creates new risks.

Indirect prompt injection, shadow leaks, and echo leaks turn normal workflows into potential attack vectors. For instance, an AI assistant summarising emails may unintentionally process hidden commands within a message. These commands can lead the model to inadvertently leak sensitive information without the user clicking any links or noticing anything unusual.

In some cases, the data doesn't even leave the endpoint; it exits directly from the AI provider's cloud infrastructure, completely bypassing established data loss prevention and network monitoring.

Meanwhile, Geenens points to a fundamental shift in traffic patterns. The web is moving from human-to-website interactions to machine-to-machine communications. AI agents browse, conduct transactions, and query on behalf of users.

Bot traffic is growing rapidly, surpassing human traffic, and traditional controls, such as CAPTCHA or login challenges, are no longer effective. Defenders must now focus on behaviour rather than identity—understanding what a machine is trying to do and whether that behaviour matches business intent.

For CISOs, the message is straightforward: AI is unavoidable, but it needs to be used with proper governance, monitoring, and behavioural security measures. Understand what data AI assistants can access, log their activities, and get ready for a future where most traffic is automated. Attackers have already adapted.

Also Watch: Can You Stop an API Business Logic Attack?

Takeaways

1. The holiday season sees an increase in cyber threats.
2. AI tools like Worm GPT and Fraud GPT are changing the threat landscape.
3. Automated pen testing can help organisations defend against AI-driven attacks.
4. Indirect prompt injection poses significant risks to data security.
5. Organisations must monitor AI assistant interactions closely.
6. Vibe hacking is a new trend that lowers the barrier to entry for cybercriminals.
7. Behavioural analysis is crucial as machine-to-machine communication increases.
8. Pen testing remains essential to identify vulnerabilities before attackers do.
9. AI can automate parts of attacks, but is not fully autonomous yet.
10. CISOs need to implement strict controls when deploying AI technologies.

Chapters

1. 00:00 Introduction to Cybersecurity Threats During Holidays
2. 02:37 AI's Role in Evolving Cyber Threats
3. 05:45 The Impact of AI Tools on Cybercrime
4. 08:59 Automated Pen Testing and AI's Defensive Role
5. 11:45 Indirect Prompt Injection and AI Vulnerabilities
6. 14:37 Best Practices for CISOs in the Age of AI
7. 21:39 The Future of Cybersecurity: Machine-to-Machine Communication

Gross emphasises that the foundation of successful enterprise transformation is having the right data. Organisations need accurate information, clear visibility into device status, and meaningful context to make informed decisions. Without this foundation, even the most advanced platforms cannot deliver their full potential.

Strengthening Security and Lifecycle Management

As the number of connected devices grows, resilient cybersecurity and cloud security are critical. Bernd shares practical insights for protecting enterprise systems while maintaining smooth operations, from managing access to ensuring device integrity across distributed networks. Alongside security, lifecycle management ensures devices are monitored, maintained, and retired efficiently. Organisations that integrate lifecycle management into daily operations see fewer disruptions and higher overall reliability.

Data Strategy and Automation for Smarter Operations

Connected platforms are only as valuable as the data they generate and the processes they support. Bernd explains that a clear data strategy is essential for enriching information, understanding device performance, and driving operational decisions. Automation also plays a key role, allowing enterprises to act quickly, scale efficiently, and maintain control over complex systems. By connecting device management, enriched data, and automated processes, organisations can respond to challenges faster, optimise performance, and create a foundation for long-term transformation.

This episode provides practical guidance for technology leaders looking to improve operational efficiency, strengthen security, and optimise connected platforms. For more insights and resources on connected platforms, visit Cumulocity.

Takeaways

• Cumulocity is a leading IoT platform focused on B2B industrial use cases.
• Security in connected operations requires both IT and OT security measures.
• No open ports towards the internet is a critical security rule.
• Device certificates are essential for secure communication.
• Lifecycle management is crucial for maintaining connected devices.
• On-premise systems may not be as secure as perceived compared to cloud solutions.
• Automation can significantly reduce maintenance costs and improve efficiency.
• Data enrichment is necessary for effective AI model training.
• Many enterprises struggle with the data challenge in AI deployment.
• Clear business outcomes should guide IoT and AIoT initiatives.

Chapters

00:00 Introduction to IoT and AIoT Transformation

04:40 Security Challenges in Connected Enterprises

13:01 On-Premise vs Cloud Security Perceptions

17:44 The Value of Automation in Device Management

21:34 Operational Challenges in Deploying AI at Scale

26:11 Transitioning from IoT to AIoT Data Management

31:18 Practical Advice for Successful IoT and AIoT Initiatives

In this episode of Security Strategist, host Trisha Pillay explores these challenges with Grant McWilliam, Chief Technology Officer at Aura. They discuss how enterprises can overcome regulatory compliance, technology infrastructure, and operational challenges while delivering trusted, reliable systems globally.

Understanding Regulatory Compliance in Global Scaling

Global expansion introduces different regulatory landscapes, from data privacy laws to communications standards. While some see these as hurdles, they can become strategic advantages: As Grant says, “Regulatory challenges can be opportunities.” He further explains that building a global framework with room for local adaptation, “design globally, implement locally,” ensures compliance while maintaining operational flexibility.

Building Resilient Technology Infrastructure

Reliable technology infrastructure is just as important for platforms operating across regions with varying telecom networks, mapping systems, and technical capabilities. In mission-critical contexts such as emergency response, reliability is non-negotiable, and technology should never limit service. Redundancy, failovers, and multi-region deployments ensure platforms remain responsive under pressure.

Operational Excellence and Trust

Gary notes that operational pressures grow as organisations scale. Teams need to act efficiently while respecting local regulations and cultural contexts. He emphasises: “Trust is essential in emergency response and emergency response must prioritise user needs.” By embedding processes as backups to the backups and adapting technology to local conditions, organisations build resilience and maintain user confidence. He adds, “Collaboration enhances operational efficiency.”

Key Principles for Scaling Cybersecurity Globally

1. Global standards and local adaptation: Establish frameworks that scale but allow local execution.
2. Reliability and trust: Ensure mission-critical systems function under any circumstances.
3. Cultural and operational alignment: Integrate local knowledge and collaboration to make technology sustainable and effective.

Scaling technology globally requires balancing cybersecurity, infrastructure, regulatory compliance, and operational agility. In this episode of Security Strategist, the discussion highlights that success comes from combining technical excellence with strategic empathy, ensuring platforms are trusted, resilient, and effective for every user, in every region.

Takeaways

• Scaling technology globally requires navigating regulatory complexity and infrastructure demands.
• Building trust is essential for emergency response technology to be effective.
• Global standards must be adapted to local needs for successful implementation.
• Adapting to different infrastructure environments is crucial for maintaining service quality.
• Cultural understanding is key to adapting technology for different regions.
• Regulatory challenges can be opportunities for improvement.
• Collaboration with local teams enhances operational efficiency.

Chapters

• 01:20 Introduction to Grant McWilliam
• 04:39 Challenges of Scaling Emergency Response Globally
• 08:39 Technical Challenges in Global Infrastructure
• 11:38 Maintaining Reliability and Redundancy in Emergencies
• 18:30 Strategies for Operational Efficiency and Security at Scale
• 22:26 Top Priorities for Enterprise Leaders and CISOs

About Grant Macwilliam

Grant Macwilliam serves as Chief Technology Officer at Aura, leading the development and scaling of a global emergency response platform that connects users with vetted security and medical responders worldwide. An electrical engineer by training, he is passionate about creating technology and teams that deliver real-world impact. Under his leadership, Aura has expanded its platform across continents, supporting partners in ride-sharing, insurance, and public safety sectors while maintaining high standards of reliability, trust, and operational excellence.

In this episode of The Security Strategist podcast, Jim Waggoner, VP of Product Management at N-able, and Lewis Pope, CISSP and N-able Head Nerd, sit down with host Jonathan Care, the Lead Analyst at KuppingerCole. 

MSPs have typically focused on technology layers, like backups, EDR, and MDR. However, as both Waggoner and Pope point out during the conversation, achieving resilience requires a bigger change – in operations, culture, and strategy.

Cyber Resilience is Being Prepared For Any Attack

When asked about redefining resilience, Pope underscores the need to move away from a classic technician mindset. He explains that MSPs should adopt a business-focused approach:

“You have to drop your technician glasses and put on your business glasses for a lot of these matters.”

Why is this important? MSPs often have a better understanding of their clients’ workflows than the clients themselves. This puts MSPs in a powerful position, but they must look both inward and outward, Pope further explains. 

He emphasises the need for internal threat modelling, risk registers, and long-term business planning with clients: “You need to have that seat there so you can help them, guide them, and put your fingers on the scales of which direction they plan to take.”

Supporting this shift in tackling threats, Waggoner cites an example of tabletop exercises performed at N-able internally. Imagine “you just got a call that someone believes that they've been compromised by ransomware. What do you do?”

The exercise didn’t focus on antivirus tools. Instead, it uncovered operational blind spots—like who to call, what steps to take, and how to keep the business running. The key lesson is that resilience is not about preventing every attack; it's about being prepared for the one that will happen.

Also Watch: How Can MSPs Stay Competitive with Managed Detection and Response (MDR)?

‘Automation Should Strengthen Security Teams, Not Replace Them’

AI and automation is the rage in the cyber technology industry at the moment. While AI offers speed and scale, Waggoner warns it can lead to serious overreactions if not managed carefully: “If you're seeing something that looks suspicious and the automated response is to cut off these services, that can be great.” 

The only way to balance a rogue AI and automation situation is “the human,” he added. The VP of Product Management asserts the importance of safeguards such as manual confirmation prompts, human-initiated rollbacks, and analyst reviews. Ultimately, automation should strengthen security teams, not replace them.

“You treat anything and everything that it does as something that a highly clever intern brought to you, but you still have to double-check it,” Pope added to the conversation. The Head Nerd emphasises a key detail often overlooked in AI discussions – precision. MSPs need to distinguish between LLMs, machine learning, and automated processes as each has different risks and policies.

Throughout the discussion, one message stands out – the MSPs who will succeed are those who embrace cultural change, practice operational readiness, and use automation wisely.

“You do need to say I've kept your business running. Constantly, it has not gone down,” Waggoner states. In a world where cyber incidents are a matter of when, not if, resilience is now an expectation, not just an added service.

Also Watch: EDR, XDR, or MDR — What’s the Real Difference and Why Does It Matter?

Takeaways

• Cyber resilience is about keeping businesses running during attacks.
• MSPs must shift from reactive to proactive security measures.
• Compliance is becoming increasingly important for all businesses.
• Operational and cultural changes are essential for resilience.
• Automation and AI can enhance security but require human oversight.
• MSPs should conduct tabletop exercises to prepare for attacks.
• Building partnerships can help MSPs enhance their services.
• Resilience planning should be an ongoing process, not a one-time effort.
• Understanding client operations is crucial for effective security.
• Urgency in response is key to managing cyber threats.

Chapters

• 00:00 Introduction to Cyber Resilience
• 02:47 Defining True Cyber Resilience
• 05:52 The Role of MSPs in Cyber Resilience
• 09:04 Compliance and Its Growing Importance
• 12:04 Operational and Cultural Changes for Resilience
• 14:59 The Impact of Automation and AI
• 18:06 Turning Compliance into Resilience Programs
• 20:58 Advice for Building Cyber Resilient Businesses

Amaral, who has decades of experience in security leadership, argues for moving beyond the industry’s traditional “shift left” concept. He believes organisations should focus on systems that prioritise scale, speed, and effective fixes.

Why Shift Left Failed

Amaral says the “shift left” promise never came true. Even with positive intentions, sending vulnerability lists back to developers created overloaded backlogs and slow remediation times, resulting in frustration for everyone involved.

Engineers are experts in their application code, but not in the vast and complex open-source libraries their software relies on. When security scanners present hundreds of CVEs, “roadmap wins out over security,” Amaral explains. Often, maintainers only patch newer versions, leaving production teams stuck with outdated releases and no safe upgrade options.

Read: What is DevSecOps? and Why It Matters

Shift Out is Root’s solution to this flawed workflow. Instead of adding to developers' workloads, organisations can assign the entire fix process—including patch creation, testing, and delivery—to an automated system led by domain experts. 

“Don’t give it to developers, give it to us,” The Root co-founder states. “We’ll take it.”

A New Standard for Open-Source Maintenance

When discussing the idea of an external system modifying customer code, Amaral clarifies that Root doesn’t alter first-party code. Instead, they fix the open-source libraries that customers use—libraries that are already out of their control.

Amaral points out that the current industry practice of blindly upgrading to new maintainer versions is much riskier. With the rise of supply-chain attacks, and maintainers often unable to apply fixes to older versions, companies increasingly face a troubling maintenance gap.

To build trust and transparency, Root publicly shares all of its backported patches in a GitHub repository. This allows maintainers, independent developers, and the broader open-source community to examine, use, or build upon Root’s work. “If people want to use them, they can,” Amaral states. “It’s our responsibility to make that available.”

Amaral’s message for technology leaders is that as AI changes the software landscape, organisations should adopt a remediation-first mindset. They should begin development with secure, pre-fixed libraries instead of rushing to address CVEs later. With AI-driven remediation now feasible at scale, maintaining secure software should become a standard practice, not an urgent afterthought.

Takeaways

• AI is revolutionising vulnerability management.
• Shift Out is a new approach to security.
• Automation can alleviate the burden on developers.
• Trust is essential for adopting new security solutions.
• Open source maintenance is crucial for security.
• Backported patches benefit the wider community.
• Traditional methods of vulnerability management are becoming obsolete.
• Organisations need to start with secure libraries.
• AI can provide scalable security solutions.
• The future of security lies in automation and AI.

Chapters

• 00:00 Introduction to AI in Vulnerability Management
• 03:06 The Shift Out Mindset
• 05:51 Make vs. Buy: The Agent Dilemma
• 09:02 Building Trust with Customers
• 11:54 Open Source and Backported Patches
• 14:59 The Future of Vulnerability Management

About Root

Root eradicates the CVE grind by delivering open source software that is free of known vulnerabilities, secure by default, and ready to use without additional engineering effort. Powered by thousands of specialised AI agents, Root continuously detects, patches, tests, and ships fixed components across any tech stack in minutes—with full transparency, no forced upgrades, and no vendor-locked images.

AppSec teams get immediate remediation without waiting on developers. Engineers stay focused on building products instead of managing patches. And organisations dramatically reduce exposure windows by moving security at AI speed. Root is building the backbone of the agentic software supply chain, where open source is secure from day one.

In this episode of the Security Strategist Podcast, IT-Harvest Chief Research Analyst Richard Stiennon sits down with Art Gilliland, CEO of Delinea, to discuss the explosive adoption of AI, the rise of shadow AI, and why identity-centric governance is becoming an urgent priority. Gilliland emphasises the importance of managing AI risks, particularly with machine identities, and the need for intelligent authorization systems to enhance security operations. 

When Gilliland joined Delinea, he believed in focusing on identity, along with policies that govern it. “In the cloud, you share responsibility. In SaaS, you delegate. But you always own your users—human or machine—and your data.”

AI Reduced Inbound Call Volume by 60%

Delinea has been integrating AI internally for years. One of the most transformative outcomes was the launch of Delinea Expert, an AI assistant built directly into the product interface. Users can upload screenshots, logs, or questions and receive precise guidance on how to fix or configure the product. It acts, Gilliland says, like a support person on your shoulder.

“We shipped it about a year ago, and it reduced our inbound call volume by 60%.”

This dramatic result mirrors what Gilliland sees across customers: rapid adoption, often through quick toy implementations that still deliver massive value.

AI Prompts Wider Exposure Surface

But with the rapid adoption of AI comes a wider exposure surface. Business teams are driving AI, CEOs are demanding it, and developers are already using it. However, Gilliland believes security is still trying to catch up—again.

“There's this huge gap between the consumption and use of AI and a company’s ability to get in front of it.”

This gap is what many call shadow AI. Unlike historical shadow IT, this version is often approved—business leaders want it. But they lack visibility, policy, or governance structures to ensure it’s secure. Delinea’s recent survey found that “95 per cent of customers are already using or planning to use AI,” spotlights Gilliland, while just “40 per cent have any governance in place.”

Gilliland warns that the dynamic resembles earlier waves—laptops, mobile, Wi-Fi, cloud—but has accelerated dramatically. “It’s inevitably going to be used because it’s so powerful. You can’t hold it back—and you wouldn’t want to.”

Use AI to Manage AI

This is the future: using AI to manage AI. “AI behaves differently than traditional machine identities. It can make decisions. It has intent.” Because machine-to-machine connections now operate quickly and with shifting intent, organisations need systems capable of evaluating every single request in real time.

Traditional machine identities are predictable—like a robot performing the same task endlessly. Attacks happened when credentials were stolen and misused by humans with intent, as in the Salesforce/Drift breach.

“AI is going to have a machine connection, which tends to be overprivileged. But it can also make decisions on its own.”

Companies must not only build governance, inventory systems, and manage credentials—they must evolve toward understanding intent.

“AI is not static. There’s intent behind the connection. Your controls must be able to interpret that intent. That’s where AI is taking us,” Delinea CEO tells Stiennon.

Takeaways

• AI is a hot topic in cybersecurity today.
• There is a significant gap between AI adoption and governance.
• Shadow AI is becoming prevalent in organisations.
• Companies need to establish a governance structure for AI.
• AI-driven tools can enhance security operations.
• Zero standing privileges are essential for security.
• Organisations must manage machine identities effectively.
• Intelligent authorisation can reduce security risks.
• Understanding intent in AI interactions is crucial.
• A crawl, walk, run approach is recommended for AI governance.

Chapters

• 00:00 Introduction to AI in Identity Security
• 03:19 Governance Gaps in AI Usage
• 07:09 The Rise of Shadow AI
• 11:19 Managing AI Risks and Machine Identities
• 16:11 Intelligent Authorisation and Security Operations
• 20:27 Final Thoughts on AI Governance

About Delinea 

Delinea is a pioneer in securing human and machine identities through intelligent, centralized authorization, empowering organizations to seamlessly govern their interactions across the modern enterprise. Leveraging AI-powered intelligence, Delinea’s leading cloud-native Identity Security Platform applies context throughout the entire identity lifecycle – across cloud and traditional infrastructure, data, SaaS applications, and AI. It is the only platform that enables you to discover all identities – including workforce, IT administrator, developers, and machines – assign appropriate access levels, detect irregularities, and respond to threats in real-time. With deployment in weeks, not months, 90% fewer resources to manage than the nearest competitor, and a 99.995% uptime, Delinea delivers robust security and operational efficiency without compromise. Learn more about Delinea on Delinea.com, LinkedIn, X, and YouTube.

“We live in a time where the threat landscape is changing instantly,” Steffen said. With threat actors speeding up their tactics, Waggoner and Ferla insist that the only way forward is constant reassessment.

When the ‘Response Action’ Doesn’t Deliver

Steffen began by asking the IT leaders about a key challenge faced by many CISOs. He says that the industry often talks about “EDR, MDR, XDR,” yet the promise of real-time response frequently remains unfulfilled.

Ferla identified a major problem here: the wrong people are making purchasing decisions. “In the small to mid market, I often see decision-makers who aren’t security experts, and they’re the ones driving the purchasing,” he explained. These executives “trust that the product works as they want, but they don’t know what they really need in the field,” which leads organizations to buy advanced tools they cannot actually use.

Even more troubling, Ferla noted that many customers request capabilities that no MDR could or should handle. “I have people at N-able coming to me thinking that we can manage backups as a response. And that's simply not possible.”

Waggoner, who spent years developing incident response tools, sees another side of the issue. Vendors often downplay the “response” aspect. “When it came to the R,” he said, “it was a little R.” True MDR has to go well beyond automated blocking. “Can we disable accounts? Can we prevent ransomware from affecting other systems or stop lateral movement?”

Also Read: N-able Annual Threat Report 2025

Where AI and Cybersecurity Go Next

When asked about the future of detection and response, Ferla shed light on the increasing complexity. He remembered running an MSP alone just a few years ago. “Nowadays, I could not come anywhere near close to doing this,” he said. “It's impossible.”

Waggoner stated that AI will shape the next phase—not just for attackers, but also for defenders who face ongoing staffing shortages. Threat actors are already using AI to change tactics and automate reconnaissance. Defenders need to keep up: “Look at companies like us, using AI for detection models and for responses to address the people shortage.”

Waggoner encouraged IT decision-makers to find ways AI can strengthen their security, not make it more complicated. “Get ahead of it. See how you can truly use AI's capabilities to better protect yourself,” he stated.

Takeaways

• Detection and response tools are evolving rapidly.
• Organizations often have unrealistic expectations of their security capabilities.
• Continuous review of security strategies is essential.
• MSPs play a crucial role in enhancing security for small to mid-sized businesses.
• Proactive measures are necessary to stay ahead of threats.
• AI is transforming the cybersecurity landscape.
• Maturity in security means recognizing gaps and seeking help.
• Implementing effective detection requires visibility across all systems.
• The threat landscape is constantly changing, requiring adaptive strategies.
• Basic security practices must be done well to mitigate risks.

Chapters

• 00:00 Introduction to Cybersecurity Strategies
• 02:54 Understanding Detection and Response Tools
• 05:52 The Gap Between Expectation and Reality
• 09:06 The Importance of Continuous Strategy Review
• 12:11 The Role of Managed Service Providers (MSPs)
• 15:09 Implementing Effective Detection and Response
• 17:52 Future Trends in Cybersecurity
• 20:47 Final Thoughts and Key Takeaways

In this episode of Security Strategist, Syed Ali, Chief Executive Officer of EZO, joins host Chris Steffen to discuss how IT asset management (ITAM) and deterministic automation provide the visibility and control organizations need to secure their digital landscapes.

“There are risks lying around in the organization,” Ali explains. “A good ITAM solution helps identify them and forms the foundation for maturing IT operations.” His insights are drawn from years of experience as both an IT practitioner and entrepreneur, offering practical lessons for IT leaders and security professionals alike.

Strengthening Cybersecurity and Risk Management with ITAM

Effective ITAM solutions are more than just inventory tools; they are central to reducing cybersecurity risk. By automating asset discovery, monitoring, and reporting, organizations gain accurate, up-to-date visibility into every device, software, and identity across their networks.

“Automation runs in IT; it has always run in IT,” Ali notes. Deterministic automation ensures processes are consistent and predictable, allowing IT teams to spot vulnerabilities, reduce the likelihood of human error, and respond quickly to emerging threats. This approach also makes data reliable for decision-making, supporting procurement, patch management, and risk mitigation strategies.

Unmanaged assets, he warns, can “come back to bite us,” particularly when organizations lack visibility into endpoints, applications, and shadow identities. Implementing ITAM proactively rather than reactively is crucial for organizations that want to minimize risk rather than simply meet compliance requirements.

Future ITAM Trends

Looking forward, agentic AI and identity-aware assets are shaping the future of ITAM. While AI introduces powerful capabilities, keeping it separate from deterministic automation ensures organizations maintain control while enhancing visibility and security.

Investing in effective ITAM and automation is an enduring strategy for securing assets, reducing risk, and enabling informed decision-making. As Syed explains, “The system is meant to work for you, but that only happens if there’s discipline and awareness in identifying risks. The danger of not having a solid item in place is very real. I also understand that an understaffed IT team, constantly reacting to issues, can’t always prioritise these risks effectively. Unfortunately, that’s the reality we’re dealing with.”

To learn more about effective ITAM solutions, visit EZO.

For more insights follow EZO:

• X: @ezosolutions
• Instagram: @ezo.solutions
• Facebook: https://www.facebook.com/EZOsolutions/
• LinkedIn: https://www.linkedin.com/company/ezosolutions/

Takeaways

• IT asset management is crucial for reducing cybersecurity risks.
• Automation in IT has always been a fundamental practice.
• Unmanaged assets pose significant risks to organizations.
• Effective ITAM solutions provide reliable data for decision-making.
• Organizations often implement ITAM reactively after incidents occur.
• IT departments face challenges of being understaffed and prioritizing tasks.
• Organizational maturity influences readiness for advanced ITAM tools.
• Future ITAM trends include identity-aware items and usage-based pricing models.
• A good ITAM solution helps identify risks faster and more effectively.
• CISOs should focus on managing unmanaged assets and shadow identities.

Chapters

00:00 Introduction to IT Asset Management and Automation

07:59 The Importance of Deterministic Control in IT Management

13:06 Cybersecurity Risks and IT Asset Visibility

15:05 Challenges in Implementing IT Asset Management

19:11 Organizational Maturity and Tooling Readiness

21:27 Future Trends in IT Asset Management

About EZO

EZO began as EZ Web Enterprises in 2011 with a mission to build easy-to-use yet powerful cloud-based applications for organizations worldwide. Our team is passionate about delivering consistently amazing user experiences with best-in-class functionality and enterprise scalability. EZO’s products help thousands of organizations around the globe streamline operations in many key areas, including physical asset management with EZOfficeInventory, IT asset management with EZO AssetSonar, equipment maintenance management with EZO CMMS and rental business management with EZRentOut. 

Follow EM360Tech for more insights:

Website: www.em360tech.com

X: @EM360Tech

LinkedIn: EM360Tech

In the latest episode of The Security Strategist Podcast, Ory’s Head of Customer Engineering, Jeff Hickman, speaks to host Richard Stiennon, the Chief Research Analyst at IT-Harvest. They discuss a pressing challenge for businesses adopting AI: managing permissions and identity as autonomous agents start making their own decisions.

They particularly explore the implications of AI agents acting autonomously, the need for fine-grained authorization, and the importance of human oversight. The conversation also touches on the skills required for effective management of AI permissions and the key concerns for CISOs in this rapidly changing environment.

The fear that AI agents can go rogue or exceed their bounds is very real. They are not just tools anymore; instead, they can now negotiate data, trigger actions, also process payments. Without the right authorisation model, Hickman warns that organizations will encounter both security gaps and operational chaos.

Also Watch: Is Your CIAM Ready for Web-Scale and Agentic AI? Why Legacy Identity Can't Secure Agentic AI

Human Element Vital to Prevent AI Agent from Going Wild

Traditional IAM frameworks aren’t designed for agents that think, adapt, and scale quickly. Anticipating a major shift, Hickman says, “It’s not just about role-based access anymore. We’re moving toward relationship-based authorization—models that understand context, identity, and intent among users, agents, and systems.”

Citing Google’s Zanzibar model, the Ory lead customer engineer says that it’s a starting point for this new era. Unlike static roles, it outlines flexible, one-to-one relationships between people, tools, and AI systems. This flexibility will be crucial as organizations deploy millions of autonomous agents operating under various levels of trust.

But technology alone won’t solve the issue. Hickman stresses the importance of the human element, saying, “We need humans to define the initial set of permissions. The person who creates an agent should be able to establish the boundaries—in plain language, if possible. The AI should understand those instructions as a core part of its operating model.”

This leads to a multi-pronged identity system where humans, agents, and services all verify authorization on behalf of the user before any action takes place—ensuring accountability even when AI acts autonomously.

The New Organisational Skill Stack for AI Security

As AI systems grow more sophisticated, the people managing them must also evolve. Hickman outlines a three-part skill structure every organization should develop:

• Identity and Access Architects: To define how agents authenticate, represent and act on behalf of users, and scale securely.
• AI Behaviour Analysts: A new role that bridges technical and business insights, understanding how LLMs make decisions and how to align that behaviour with enterprise goals.
• Business Strategists: To figure out what data and capabilities the organization is willing to expose to agents and how those choices support the company’s broader objectives.

“This is more than IAM,” Hickman tells Stiennon. “It’s about understanding how AI consumes, interprets, and acts on information. We’ll need specialists who can analyse agent behaviour much like data analysts examine purchasing trends.”

Hickman adds that, similar to cybersecurity reputation systems, directories of “known good agents” will help organizations confirm the legitimacy and trustworthiness of the AI systems they interact with.

“The future of AI security,” Hickman concludes, “isn’t just about protecting data; it’s about protecting decisions.”

Explore how Ory helps global businesses build fine-grained, scalable, and future-ready identity systems for humans and machines. Visit Ory.com.

Takeaways

• AI agents are increasingly autonomous and can operate outside defined boundaries.
• Permissions for AI agents must evolve beyond traditional models like OAuth.
• The scale of AI agents will significantly impact identity infrastructure.
• Fine-grained authorization is essential for managing AI agent access.
• Human oversight is crucial in ensuring AI agents operate within acceptable limits.
• Organizations need to define clear guardrails for AI agent behaviour.
• The role of traditional IAM professionals will change with AI integration.
• Understanding AI behaviour patterns will become a necessary skill.
• CISOs should prioritise the prompt identification of risks in AI security.
• A new class of professionals will emerge to manage AI interactions.

Chapters

• 00:00 Introduction to AI Agents and Permissions
• 02:47 Challenges in AI Agent Authorization
• 05:59 The Scale Problem of AI Agents
• 09:01 Fine-Grained Authorization for AI Agents
• 12:07 The Role of Human Oversight in AI
• 14:56 Evolving Responsibilities in AI Permissions
• 17:56 Skills Needed for Effective AI Management
• 20:46 Key Concerns for CISOs Regarding AI Agents

In the recent episode of The Security Strategist Podcast, guest Gidi Cohen, CEO and Co-Founder of Bonfy.AI, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest. They discussed the reasons traditional data loss prevention (DLP) systems fail. Cohen stressed that understanding data context is now crucial for securing AI-driven enterprises.

What Happens When “Trusted” AI Tools Become Paramount Risk

The rise of generative AI, from chatbots to embedded assistants in SaaS platforms, has created a complex web of data interactions that many organisations do not fully grasp. Cohen argues that this new reality has made legacy DLP technologies completely irrelevant.

“Even before generative AI, DLP never really worked well,” he told Stiennon. “It relied on static classification and outdated detection models that created noise and false positives. Now, with dynamic content generated and shared instantly — and humans often out of the loop — those tools can’t keep up.”

While “shadow AI” applications have gained much attention, Cohen believes the larger threat lies in the trusted tools organisations already use. “We’re using Microsoft 365, Google Workspace, Salesforce — all of which now embed AI models,” the Bonfy CEO explains. “They process vast amounts of sensitive data every day. Yet most companies have no control or visibility over how that data is accessed, transformed, or shared.”

This lack of visibility creates a perfect storm for data exposure. “You might use an LLM to summarise a customer meeting, which is fine,” Cohen says. “But if that summary is later shared with the wrong client or synced with another app, you’ve just leaked confidential information — and no one will even notice.”

The main issue, he adds, isn’t about whether AI vendors misuse data. “The model itself isn’t the main problem. It’s what happens afterwards — how the data and outputs move through the organisation.”

How to Create a New Model for AI-Aware Data Security

Cohen’s solution to this growing complexity is what he calls a context-driven, multichannel architecture. Such a way perceives data protection as an ecosystem rather than a single checkpoint.

“The flows are too complex for simple guardrails,” he explains. “You can’t just block uploads of credit card numbers and call it a day. You need to understand the context — who’s sharing the information, through what channel, for what purpose, and whether it’s leaving the organisation.”

Bonfy’s approach looks across multiple communication layers — from email and file sharing to APIs, AI agents, and web traffic. They create a complete view of how information moves. Cohen says it’s essential for spotting risky behaviour, whether it comes from a careless employee or an autonomous AI agent working in the background.

As organisations start using multimodal AI — incorporating text, images, audio, and video — this overall visibility becomes even more important. Browser extensions or regex-based filters, he notes, simply won’t catch everything. “An AI agent isn’t using a browser. It’s running somewhere on your network, processing sensitive data on its own. You need a system that can detect that.”

Alluding to turning points in cybersecurity, Cohen explained: “What happened with firewalls 20 years ago or endpoint protection 15 years ago is happening again with data security. We’re entering a new generation.”

“AI is moving faster than defenders. Waiting to figure it out later is not an option. The risks are growing rapidly — and the time to act is now.”

Ultimately, as AI changes how organisations create, share, and use information, traditional data security methods are struggling to keep up. The Bonfy co-founder believes the future belongs to tools that understand context — not just content — and that can protect data wherever and however AI is used.

Takeaways

• The rise of LLMs introduces significant new risks to data security.
• Traditional DLP solutions are inadequate for modern data flows.
• Shadow AI poses hidden risks that organisations often overlook.
• Embedded models in SaaS applications increase data leakage risks.
• Contextual understanding is crucial for effective data protection.
• Organisations must adapt to the dynamic nature of data sharing.
• Guardrails are essential to prevent data misuse and leaks.
• Data security controls need to evolve with technological advancements.
• The integrity of data can be compromised by AI hallucinations.
• Trust in AI tools must be balanced with robust security measures.

Chapters

• 00:00 Introduction to Cybersecurity Challenges
• 02:47 The Rise of LLMs and Data Risks
• 06:04 Shadow AI and Embedded Models
• 08:59 Guardrails and Data Protection Strategies

About Bonfy.AI

Bonfy.AI empowers enterprises to safely adopt GenAI and productivity platforms, such as Microsoft 365 and Copilot, without sacrificing security, compliance, or innovation. Legacy DLP and DSPM is increasingly inadequate against the risks of prompt injection, shadow AI, and over-permissioned access inherited by AI agents. Bonfy.AI’s solutions go beyond static detection, offering a context-driven, multi-channel data security architecture that understands not just content, but the full context of data flows within the modern enterprise.

Bonfy Adaptive Content Security™ (Bonfy ACS™) enables real-time monitoring, automated labeling, and risk-based remediation of AI-generated content across email, file sharing, cloud applications, and enterprise collaboration platforms. Deep integrations with Microsoft 365 ensure full visibility and policy enforcement in critical channels (Mail, SharePoint, Entra, Purview, and Copilot outputs) while adaptive knowledge graphs and behavioral analytics detect and prevent ten times more real-world risk scenarios with far fewer false positives.

Bonfy ensures audit-readiness and regulatory compliance for frameworks such as GDPR, HIPAA, PCI, and CCPA by blocking unauthorized AI access, labeling confidential data in real time, and providing security teams with actionable visibility across all information flows. Organizations in regulated industries, including financial services, healthcare, insurance, and technology, leverage Bonfy.AI to enable secure AI adoption, prevent costly data leaks, and achieve balanced productivity gains without introducing compliance crises or reputational risk. To learn more, visit bonfy.ai and follow us on LinkedIn.

Reddy emphasises the need for intelligent friction in security measures, allowing for a balance between security and business operations. The conversation also highlights the importance of understanding user needs and building trust within security systems to ensure effective implementation of Zero Trust strategies.

How to Build Trust in a "Zero Trust" World?

“Security should be a seatbelt, not a straightjacket,” Esper CTO said, describing the nature of zero trust in cybersecurity. For Reddy, zero trust isn’t just about “trust no one.” It’s about verifying everything while still allowing people to do their work.

“Zero Trust is really about verification,” he explains. “But the paradox is that it’s built to create trust among the people using it.” As systems, devices, and AI tools grow, security can’t just mean adding more barriers. “The number of people interacting with systems has increased a lot,” Reddy adds. 

“But if the system doesn’t support the business, people will find a way around it.” That, he says, poses a risk where extremely rigid security could defeat its own purpose.

From “Friction” to “Intelligent Friction”

The Esper CTO explains Intelligent Friction designs systems that adjust security based on the situation. “You want the least friction where there is friction,” he says. “Add friction where it matters most, and make it disappear when it doesn’t.”

Alluding to an example of banking apps, Reddy explains intelligent friction as a simple login for checking balances and extra verification for large transfers. “That’s intelligent design — progressive, contextual, and trusted.”

When asked about the key message for CISOs, CEOs and IT decision-makers, he urges them to “stop measuring adherence to rules.” Instead, “start measuring where people are bypassing them — that’s where your friction is hurting the business.”

At Esper, this approach guides everything from device management to enterprise policy design: security that protects without slowing you down. Discover how Esper is redefining Zero Trust through Intelligent Friction. Learn more at Esper.io.

Takeaways

• Zero Trust is fundamentally about verification at every step.
• The shift to Zero Trust is driven by increased exposure and sophisticated attack vectors.
• Human trust is essential for Zero Trust systems to function effectively.
• Intelligent friction allows for security measures that adapt to user needs.
• Security should not hinder business operations; it should support them.
• CISOs should measure rebellion against security rules, not just adherence.
• Progressive security checks can enhance user trust in systems.
• Cultural change is necessary for effective security implementation.
• Feedback from users is crucial for improving security systems.
• Trust should be the primary driver in designing security systems.

Chapters

• 00:00 Introduction to Zero Trust and Its Importance
• 02:07 Understanding Zero Trust: Verification at Every Step
• 03:03 The Shift to Zero Trust: Why Now?
• 04:34 The Trust Paradox in Zero Trust Systems
• 06:10 Real-World Examples of Trust Breakdown
• 08:15 Intelligent Friction: A Solution to the Paradox
• 10:48 Implementing Intelligent Friction in Retail
• 12:40 Measuring Security: Moving Beyond Rule Adherence
• 14:40 Balancing Security and Business Velocity
• 16:39 Actionable Insights for CISOs
• 18:51 Key Takeaway: Embracing Trust in Security Systems

The traditional security perimeter is no longer a reliable boundary. As enterprises adopt hybrid infrastructures, cloud services, and autonomous AI systems, identity has emerged as the central element of effective cybersecurity.

In the latest episode of The Security Strategist Podcast, Richard Stiennon speaks with StrongDM’s Chief Executive Officer Tim Prendergast about how organizations can secure human users, machines, and agentic AI through identity-based controls.

Identity at the Center of Zero Trust

Both Stiennon and Prendergast believe identity has become the true control plane for modern cybersecurity. While Zero Trust frameworks are widely promoted, they often remain theoretical until grounded in strong identity governance. By continuously verifying and managing every identity—human, machine, and AI—organizations can strengthen access control, reduce the risk of credential theft, and enforce clear operational boundaries across their environments.

As Prendergast explains, “No one wants to go out of business tomorrow, no matter how good their security is. You have to balance the needs of the business, the needs of your user or customer populations, and practical security.

Securing Human Users

For human users, particularly those with privileged access, identity management must strike a balance between security and productivity. CISOs need visibility into who is accessing critical assets, when, and under what context. StrongDM’s approach emphasizes just-in-time access, ensuring users receive only the permissions they need, precisely when they need them.

Implementation Considerations

Deploying identity-based security requires a strategic, phased approach. Prendergast stresses that security measures must align with business priorities to minimize disruption. By treating users, machines, and AI agents as identities rather than simply devices or services, organizations can enforce dynamic policies, respond to threats more effectively, and maintain compliance in increasingly distributed IT environments.

StrongDM’s approach demonstrates that the future of security lies in identity-first models where humans, machines, and AI agents are governed under the same principles, ensuring that the right identities have the right access at the right time.

Takeaways

• Identity is the new control plane for security.
• Zero Trust is often theoretical; real progress lies in identity-based security.
• Stolen credentials are the primary attack vector.
• A Renaissance in identity security is overdue.
• StrongDM offers just-in-time access for identities.
• Real-time interrogation of entities is crucial for security.
• CISOs need better visibility and resources for identity management.
• Agentic AI presents both risks and opportunities for businesses.
• Implementation of identity security must be strategic and gradual.
• The shift from authentication to authorization is essential for future security.

 Whether you’re a CISO, security leader, or tech enthusiast, this episode shows you how to rethink trust in a hybrid, AI-driven world.

Follow StrongDM for more insights:

• Twitter: @strongdm
• LinkedIn: @strongdm
• Facebook: @strongDM
• YouTube: StrongDM Channel
• Website: www.strongdm.com

Chapters

00:00 Introduction to Identity-Based Security

03:08 The Role of Identity in Zero Trust

06:45 Understanding Critical Assets and Identity Approaches

09:41 Agentic AI and Its Implications

17:51 Implementation Challenges in Identity Security

21:32 Key Takeaways for CISOs

About StrongDM

Founded in 2015, StrongDM helps organizations manage and audit access to databases, servers, clusters, and web applications. Trusted by technical teams worldwide, our platform is secure by design, operationally effective, and easy to use. With a 98 per cent customer retention rate, we turn customers into lifelong fans. Our mission-driven values ensure we stay true to helping organizations simplify access management while keeping security uncompromised.

In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, talks with Stefanie Hammond, Head Nerd at N-able, and Jim Waggoner, Vice President of Product Management at N-able. They discuss how MSPs can tackle rising threats, bridge the talent gap, and maintain profitability in a quickly evolving market.

The speakers particularly explore the critical need for MSPs to adopt Managed Detection and Response (MDR) services, the importance of internal security investments, and how AI can enhance efficiency. The conversation also touches on compliance challenges and future trends in pricing strategies for MSPs, emphasising the need for continuous adaptation in a rapidly changing threat environment.

When Stiennon asked, “How quickly must an MSP change their entire model to a managed detection and response offering to stay competitive?” Hammond's answer was straightforward: “If an MSP hasn’t done that yet, I don’t know how much longer they can wait.” 

This sets the stage for the podcast.

MDR Is No Longer Optional but Critical for MSPs

For MSPs serving clients in tightly regulated fields like finance, healthcare, government, or education, Managed Detection and Response (MDR) is a necessity.

“Organisations in those sectors face a greater risk,” says Hammond. “Managed Service Providers (MSPs) need to incorporate MDR into their security offerings and make it standard for their customers to stay competitive.”

However, Hammond cautions against selling MDR as a standalone solution.“We shouldn’t sell any security tools as a separate service.” Instead, she suggests packaging MDR with other prevention, detection, and recovery options—like backup and data protection—to create a layered cybersecurity package.

Agreeing, Waggoner steps in and describes this as a natural growth process for MSPs: “It becomes a maturity lifecycle. You start by managing hardware and software, move on to daily security, and eventually cover full detection and response. If MSPs don’t want to develop that in-house, N-able can assist—we can co-manage it or handle it for them as they grow.”

MSPs for Smarter Security and AI-Backed Efficiency

The speakers also talked about howtalked how AI and automation are changing cybersecurity, not just for spotting threats but also for improving operations and driving sales. “We automatically handle 90 per cent of security alerts using AI,” expressed Waggoner. 

“If you’re not automating, you’re falling behind,” the Vice President of Product Management at N-able added.

For Hammond, AI is equally beneficial in marketing and communication. She recommends MSPs not to manage sales and marketing on their own but to use AI to support themselves. 

Both experts agree that compliance, identity protection, and education are essential parts of a resilient security framework. “It always comes down to identity,” Waggoner emphasises. “Use unique logins, change passwords regularly, and set up MFA—those basics prevent most attacks.”

As for the future of MSPs, Hammond envisions a shift beyond just technology.

“Don’t stick with the status quo. The market keeps evolving, and if you fail to update your pricing, services, and messaging, you’ll risk becoming obsolete within five years.”

Listen to the full episode to discover how N-able’s experts are assisting MSPs in reshaping their business models, adopting MDR, and turning security challenges into new opportunities. 

Stream now on your favourite podcast platform or visit n-able.com.

Takeaways

• MDR is essential for MSPs in regulated industries.
• MSPs must adopt a proactive approach to security.
• Identity management is crucial to prevent breaches.
• AI can significantly improve operational efficiency.
• Compliance should be viewed as a revenue opportunity.
• MSPs need to evolve their pricing strategies.
• Security awareness training is vital for employees.
• The threat landscape is constantly changing.
• MSPs should focus on value-based pricing models.
• Continuous learning and adaptation are key for MSP success.

Chapters

• 00:00 Introduction to Managed Service Providers (MSPs) and Cybersecurity
• 05:55 The Importance of Managed Detection and Response (MDR)
• 12:10 Internal Security Investments for MSPs
• 14:55 Developing an AI Strategy for Efficiency
• 19:59 Navigating Compliance Challenges
• 25:01 Future Trends in Cybersecurity and MSP Pricing Strategies
• 29:01 Key Takeaways for CIOs and CTOs

According to Robert Rogenmoser, the CEO of Securosys, storing keys insecurely creates immediate risk. This makes it crucial to maintain strong key security. "If it's just in a software system, you can easily get hacked. If I have your encryption key, I can read your data. If I have your Bitcoin keys, I can spend your money,” says Rogenmoser.

In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Robert Rogenmoser, the CEO of Securosys, about safeguarding the digital world with cryptographic keys. Rogenmoser puts up a case to rally Hardware Security Modules (HSMs) as the best solution for this critical challenge.

In addition to discussing how hardware security modules (HSMs) protect encryption keys, they also talk about the evolution of HSMs, their applications in financial services, the implications of post-quantum cryptography, and the integration of AI in security practices. 

Are Hardware Security Modules (HSMs) the Ultimate Solution?

The conversation stresses the importance of key management and the need for organisations to adapt to emerging technologies while ensuring data security.

In order to mitigate the cybersecurity risks, the priority is to securely store the keys, control access, and generate impenetrable keys that cannot be easily guessed by cyber criminals. HSMs are the ultimate solution to the key issue, believes Rogenmoser. 

Firms tend to shift their data to the cloud, making it even more essential to secure keys. The main challenge arises when both the data and the keys are managed by the same cloud provider, as this setup can compromise the integrity of key control and raise concerns about data sovereignty. 

However, Securosys approaches this challenge differently. Rogenmoser explains that organisations can keep their data encrypted in the cloud. At the same time, they keep the key somewhere else, where only they have control over it.

Multi-Authorisation System for High-Stakes Transactions

Rogenmoser pointed out the company's patented system for multi-authorisation of Bitcoin keys. This system is essential because blockchain transactions are high-stakes and irreversible.

"Crypto custody for bitcoins or any cryptocurrency is a major business for our HSM," he said. Banks that hold large amounts of customer crypto cannot afford a single point of failure. "A blockchain operation is a one-way thing. You sign a transaction, and the money is gone."

The multi-authorisation system addresses this issue by requiring a "quorum" of people to approve each transaction. Rogenmoser explained, "You can say this transaction can only be signed and sent to the blockchain if one out of three compliance officers signs this, plus two out of five traders." 

This approach creates a "more secure system" because "the HSM then checks, do we have a quorum? Did everyone actually sign the same transaction?" Only after verification is "the actual key for the blockchain […] used to sign a transaction and send it to the blockchain."

Looking to the future, Rogenmoser believes HSMs will be vital for securing the growth of artificial intelligence (AI). With "AI and AI agents doing tasks for us, they might modify things or purchase items on our behalf," which requires both authorisation and attestation.

Takeaways

• HSMs are essential for protecting encryption keys.
• The Swiss National Bank was a key client for Securosys.
• Securosys HSMs are used to secure financial transactions worth trillions.
• Cloud-based HSMs offer convenience but require careful key management.
• Post-quantum cryptography is a significant industry transition.
• NIST is developing algorithms resistant to quantum attacks.
• Multi-authorisation systems enhance security in cryptocurrency transactions.
• AI will require new security measures and audit trails.
• Organisations must assess their key management practices.
• Transitioning to post-quantum systems will take time and planning.

Chapters

• 00:00 Introduction to HSMs and Their Importance
• 03:55 The Role of HSMs in Financial Services
• 08:44 Post-Quantum Cryptography: Preparing for the Future
• 13:30 Multi-Authorisation Systems in Cryptocurrency
• 16:48 AI and the Future of HSMs
• 19:19 Key Takeaways for IT Decision Makers

About Securosys

Securosys SA, based in Zurich, is a global leader in cyber security, encryption and digital identity protection, prioritising data sovereignty. Their Swiss-built Hardware Security Modules (HSM) secure financial markets, serving over half of the Tier 1 banks worldwide. Certified to the highest standards, their on-premises and cloud HSM solutions offer secure key generation, encryption, digital signing, and post-quantum readiness for finance, healthcare, government, and other industries.

The key challenge enterprises face today, pertaining to identity and security, particularly, is the quick rise of AI agents. Many organisations are trying to annex advanced AI features into old systems, only to realise, post-cost investment, that serious issues have come to the surface. The high number of automated interactions could easily overload the current infrastructure. 

"The scale of agent workloads will be the weak spot for organisations that simply try to apply current identity solutions to the rapidly growing interaction volume,” cautions Hickman. 

In this episode of The Security Strategist podcast, Alejandro Leal, Host, Cybersecurity Thought Leader, and Senior Analyst at KuppingerCole Analysts AG, speaks with Jeffrey Hickman, Head of Customer Engineering at ORY, about customer identity and access management in the age of AI agents. 

They discuss the urgent need for new self-managed identity solutions to address the challenges posed by AI, the limitations of traditional Customer Identity and Access Management (CIAM), and the importance of adaptability and control in identity management. The conversation also explores the future of AI agents as coworkers and customers, emphasising the need for secure practices and the role of CISOs in pulling through these changes.

AI Agents – The Achilles Heel of Legacy Identity

Hickman explains that many companies face an immediate and serious issue at the moment. He said: "The scale of agentic workloads will be the Achilles heel for organisations that simply try to map existing identity solutions onto the drastically ballooning interaction volume."

This scale not only overwhelms current systems but also creates perilous complexity. AI agents, acting on their own or on behalf of humans, lead to a huge increase in authentication events. This is called an "authentication sprawl." Such strain on old technology often positions security as an afterthought.

The main unresolved technical issue is context: figuring out what an individual agent is allowed to do and what specific data it can access, Hickman tells Leal. "The problem is defining the context—what an agent is allowed to do and gather. Legacy IM solutions don't address this well; it's an unsolved area."

To gain the necessary control, organisations must move beyond complicated scope chains and rethink how granular permissions function. Meanwhile, the risk of AI-driven phishing targeting human users, fueled by manipulated prompts, will grow until we can ensure the authenticity of human-in-the-loop moments using technologies like Passkeys.

Also Read: OpenAI leverages Ory platform to support over 400M weekly active users

Takeaways

• The rise of AI agents is reshaping customer identity management.
• Traditional SIAM systems struggle with the scale of AI interactions.
• Adaptability is crucial for organisations facing new identity challenges.
• Control over identity solutions is essential for enterprises.
• Security must not be sacrificed for user experience.
• AI agents can amplify existing identity management challenges.
• Organisations need to understand the permissions of AI agents.
• The future of identity management is evolving rapidly.
• CISOs must embrace modern standards for identity solutions.
• Observability in identity management enhances security and adaptability.

Chapters

00:00 Introduction to Customer Identity and AI Agents

03:00 The Impact of AI on Identity Management

06:13 Challenges of Traditional SIAM Systems

08:58 The Need for Adaptability in Identity Solutions

11:49 Control and Flexibility in Identity Management

15:12 Future of AI Agents and Security Practices

17:49 Key Takeaways for CISOs

About ORY

With tens of thousands of active projects and trillions of identities managed across its open-source and managed environments, Ory is on a mission to redefine what it means to secure digital identities (customers, employees, partners, machines, and agents). Ory provides a modern and modular approach to c/IAM programs that provides unmatched scale, user experience, and deployment flexibility. From open-source to self-managed but supported enterprise licenses, to a fully managed and compliant global service, our composable architecture allows organisations to easily customise experiences for their users.

Host Richard Steinnon, Chief Research Analyst at IT-Harvest, sits down with Deegan to talk about cybersecurity in brand protection against online fraud. They explore how AI is being used by criminals to create convincing fake shops, the impact of these scams on consumer trust, and the need for a comprehensive approach to brand protection. 

Deegan emphasises the importance of understanding consumer behaviour, the mechanics of online scams, and the necessity for organisations to adopt proactive strategies to combat these threats. 

The Alarming Rise of AI Fake Shops

While the digital world seems like a boon to most, about two-thirds of humanity (five billion people), to be precise. This online community, heavily relying on mobile devices, have become prey for savvy cybercriminals. These criminals are now using Generative AI to create highly convincing, yet entirely fake, online retail experiences.

Deegan, a cybersecurity and brand protection expert at EBRAND, illustrates the situation trapping the digital community. She asks the audience to imagine a consumer scrolling through social media, sees an ad for a favourite brand offering a deep discount. The consumer clicks, is taken to a professional-looking website that appears legitimate, enters payment details, and loses their money. The product never existed, and the consumer's data is stolen. The speed and scale of these attacks are unprecedented; single campaigns can target over 250,000 people in a single day, points out Deegan.

The EBRAND senior director proposes a massive change in brand protection strategy. Instead of just dealing with surface-level violations, she wants to target the underlying criminal infrastructure. 

"It's no longer about firefighting individual infringements. It's about looking at the domains, the ads and the payment channels cyber criminals are using. And it's also the bad actors before that.”

“It's bringing that all together and making sure that you're taking it down the infrastructure at source so that it's leaving them no opportunity to rebuild again," added Deegan.

The speakers agree that the traditional method has become a continuous "whack-a-mole" game against sites that instantly reappear due to AI. To be effective, brands "need to embed monitoring with intelligence and rapid enforcement" to break down the entire operation, making it too costly and difficult for the criminals, who will "eventually get fed up and move on to some other soft target."

Takeaways

• The landscape of online fraud is rapidly evolving due to AI.
• Two-thirds of humanity is now online, increasing vulnerability.
• Fake shops can deceive consumers with convincing ads and websites.
• Trust in brands is significantly impacted by online scams.
• Organisations need to dismantle the networks behind scams, not just individual sites.
• AI can be used for both scams and brand protection.
• Consumer education is crucial in combating online fraud.
• The rise of autonomous AI poses new challenges for brand protection.
• Monitoring and rapid enforcement are essential for effective protection.
• Every department in an organisation has a role in brand protection. 

Chapters

• 00:00 Introduction to Cybersecurity and Brand Protection
• 02:55 The Evolution of Online Fraud
• 05:56 The Impact of AI on Scams
• 09:03 Understanding the Mechanics of Fake Shops
• 12:10 Strategies for Effective Brand Protection
• 14:44 The Role of AI in Brand Protection
• 17:52 Consumer Awareness and Education
• 21:00 Engaging with EBRAND for Protection Solutions

About EBRAND

EBRAND detects and eliminates infringements, supporting streamlined, well-protected organisations. Safeguarding IP, cyberspace, and domain portfolios, we deliver the tools you need to stay ahead of scammers and impersonators in an AI-enhanced ecommerce world. With local experts and an international scope, our hubs across Europe, North America, and Asia boost and protect leading organisations across the globe. Comprehensive EBRAND services meet business needs across sectors, industries, and markets, so get in touch! Together, we'll implement a future-proof solution to help your team embrace your next challenges with the tools to succeed.

According to CISCO’s VP, 94 per cent of CISOs believe that complexity in identity infrastructure decreases their overall security. 

In this episode of The Security Strategist podcast, Alejandro Leal, podcast host and cybersecurity thought leader, speaks with McDermid about Identity Fabric, the modern threats to identity security, the role of AI in cybersecurity, and the importance of collaboration among industry players to combat these novel threats. 

Stephen emphasises the need for organisations to adopt a proactive approach to identity governance and to recognise that identity security is a critical component of overall cybersecurity strategy.

Poor Identity Governance

Enterprises today face a complicated web of users, applications, and data. Identity, once hailed as a small IT problem, is now at the forefront of cyberattacks, and they are becoming highly lucrative targets for cybercriminals. 

Alluding to recent high-profile breaches on the UK high street, McDermid points out the financial impact estimated in hundreds of millions of dollars. The common feature observed among these cyber incidents is the misuse of “poor identity governance.” This happens when users’ old login information lacks multi-factor authentication (MFA) or when attackers use social engineering to reset passwords. 

The reality today is that attackers now use automation and AI to find valid identities, which makes their work easier than ever, owing to a vast number of compromised credentials available online. The scale of the threat is massive. McDermid noted that "fraudulent sign-ups actually outnumbered legitimate attempts by a factor of 120." This indicates that organisations need to accept that "a breach is inevitable."

Ultimately, McDermid's message was clear and pressing. He urged CISOs to understand where their identities are throughout their businesses. Furthermore, he stressed on the need to assume a breach and consider how to respond. 

The CSO also called for them to challenge their SaaS vendors to commit to the new standards. In his opinion, only through this type of collective action can the security community hope to make a difference in what seems to be a losing battle right now.

Takeaways

• Identity Fabric is a framework for managing identities at scale.
• Modern attacks exploit poor identity governance and lack of MFA.
• Organisations must assume breaches are inevitable and prepare accordingly.
• AI can enhance identity threat detection and response.
• Collaboration among vendors is essential for improving security standards.
• Human oversight is crucial in AI decision-making processes.
• Shared Signals Framework improves API efficiency and security.
• Interoperability is key to addressing identity security challenges.
• Organisations should centralise governance of identities throughout their lifecycle.
• CISOs must stay informed about emerging threats and trends.

Chapters

• 00:00 Understanding Identity Fabric
• 02:21 Modern Threats to Identity Security
• 06:32 Collaboration in Cybersecurity
• 10:38 AI Agents and Identity Security
• 14:14 Key Takeaways for CISOs

This is the philosophy Ian Amit, CEO of Gomboc AI, shared in a recent conversation with Dana Gardner, Principal Analyst at Interarbor, on the Security Strategist podcast. Amit argues that the next era of DevSecOps depends on rethinking how engineering and security come together.

Moving Beyond Shift-Left Fatigue

The traditional push to “shift security left” has often backfired. Developers face alert fatigue, drowning in warnings that obscure the real issues. Security teams end up chasing vulnerabilities rather than preventing them. Amit reframes the goal as engineering excellence:

“I want to be proud of my code. It should be secure, resilient, efficient, and fully optimized. That’s what I call engineering excellence.” — Ian Amit, CEO, Gomboc AI

Attackers only need to succeed once; defenders must be right every time. By closing the gap between development and operations, organizations can cut MTTR and reduce risk exposure.

Balancing Accuracy

Generative tools can accelerate development, but they introduce instability.

“With that 10x code, you’re also getting 10x the bugs,” Amit explains.

Deterministic approaches, by contrast, deliver repeatability and precision. Neither alone is a silver bullet. As Amit puts it:

“Use generative to cut through tedious work. Use deterministic approaches to align output to your own standards. You don’t want someone else’s standards creeping into your environment.”

Seamless DevSecOps

The future of enterprise security isn’t about more checkpoints. It’s about weaving security into development pipelines, enabling distributed teams to collaborate without friction. Gomboc AI’s approach centres on reducing engineering toil and empowering enterprises to achieve fast, safe, and automated development.

Key Takeaways

• Traditional shift-left security can create alert fatigue.
• Generative tools speed development but may increase bugs.
• Deterministic approaches offer accuracy and repeatability.
• Mean time to remediate (MTTR) is the most critical success metric.
• Collaboration across distributed teams is essential.
• Security must integrate seamlessly with DevOps processes.

Chapters

00:00 Introduction to DevSecOps and Its Importance

03:08 Challenges in Traditional Shift Left Approaches

06:07 The Role of AI in Development and Security

08:58 Balancing Generative and Deterministic AI

11:52 Automation and Metrics of Success in Security

14:44 Collaboration in Distributed Teams

17:59 Integrating SecOps into Existing Processes

20:56 Future of AI in DevSecOps

23:53 Gomboc AI's Approach to Bridging Gaps

About Gomboc AI

Gomboc.ai is a cloud infrastructure security platform built to simplify and strengthen security at scale. By connecting directly to cloud environments it provides complete visibility and protection across risks. Its deterministic engine automatically detects and fixes policy deviations in Infrastructure as Code (IaC), delivering tailored, policy-aligned fixes as pull requests or commits straight into existing DevOps workflows. With Gomboc.ai, enterprises eliminate security backlogs, accelerate remediation, and release with confidence—without slowing innovation.

In this episode of The Security Strategist podcast, host Richard Stiennon, an author and the Chief Research Analyst at IT-Harvest, speaks with Curry, Zscaler CISO, about the need for a shift to a model derived from authenticity, the role of agentic AI in security operations, and the criticality of awareness in adopting to changes brought by AI.

The conversation also touches on the necessity of establishing trust and accountability in AI systems, as well as the implications for cybersecurity professionals in an increasingly automated world.

AI Allows Easy Transition to Complex & Strategic Work 

The cybersecurity industry is constantly warring against malicious actors. As attackers become more skilled, especially with AI in the picture now. Security professionals must step up their skills just to keep pace with the advancements brought by AI. Instead of taking away jobs, it enables security experts to break free from repetitive manual tasks. Such a transition allows them to focus on more complex and strategic work.

"We spend a lot of our time in the SOC doing manual tasks repetitively and trying to glue things together," Curry says. "When you manage not to think about the tools, your ability to perform a task improves drastically."

AI adaptations bring other changes that also help IT teams find better ways to perform their jobs. They move from simple detection and response to a more proactive approach to security. Curry believes that in this new environment, there will still be plenty of jobs; they'll just be more engaging and valuable.

Ethics & Logic are Crucial to Work With AI

For universities and educational institutions, the rise of AI in cybersecurity poses a significant challenge. The traditional emphasis on technical certifications like Certified Ethical Hacking and Security+ is no longer adequate. Future jobs will demand a deeper understanding of fundamental principles.

"They're going to have to walk over to the philosophy department," Curry explains. "They'll probably need to engage with the social sciences department. Understanding ethics and logic is crucial because they have to work with AI and assess whether the information it provides is logical."

The key is in coding, running scripts, but most importantly, it’s in learning to collaborate with AI as a partner. However, a boost in education is necessary to help cybersecurity professionals comprehend the principles of logic, ethics, and sociology. Such an approach to awareness will help IT teams find their way through the convoluted relationships between humans and AI.

As agentic AI becomes more common, we are shifting away from traditional security models. Authentication and authorisation are no longer sufficient. The new reality calls for a focus on authenticity.

Takeaways

• The rise of agentic AI necessitates a new security model based on authenticity.
• AI is not just a tool for attacks; it can enhance defensive strategies.
• Organisations must consider privacy and data handling when implementing AI.
• The role of cybersecurity professionals will evolve, focusing on more complex tasks.
• Education in cybersecurity must adapt to include ethics and logic.
• AI can help automate repetitive tasks, allowing for more interesting work.
• Trust and accountability are crucial in the deployment of AI systems.
• Consumption metrics can provide deeper insights into product value.
• Understanding user engagement is more important than just satisfaction surveys.
• The future of cybersecurity will involve continuous adaptation to new threats. 

Chapters

• 00:00 The Rise of Agentic AI in Cybersecurity
• 09:05 The Future of Cybersecurity Jobs
• 12:45 The Role of Education in Cybersecurity
• 19:42 Establishing Trust in Agentic AI

In this episode, Richard Stiennon, Chief Research Analyst at IT-Harvest and host of Security Strategist, discusses container security with John Morello, CTO and Co-Founder of Minimus, and Murugiah Souppaya, Former Computer Scientist at the National Institute of Standards and Technology (NIST). Together, they focus on NIST Special Publication 800-190, exploring its role in providing best practices for securing containers, the recommendations outlined in the guide, and the approach required for effective container security. 

The conversation also examines current best practices and the future of container security, emphasizing the importance of compliance and the integration of security throughout the development lifecycle.

Why NIST SP 800-190 Still Matters

NIST’s framework was designed for both government and industry, offering guidance on how to:

• Integrate security early in the application lifecycle.
• Apply a holistic approach from hardware to workload.
• Build with minimalistic and secure container images.
• Maintain compliance with regulations and standards.
• Continuously monitor and update security practices.
• Understand the full container lifecycle from creation to retirement.

As Murugiah Souppaya explains:

“We want to make sure that people think of container security holistically, and also think about the full lifecycle management of the container itself. Like anything else in the enterprise, you want to look at this end-to-end and fill those gaps.”

Insights on the Development of Container Security

NIST SP 800-190 arrived at a time when containers were new to most organizations. Now, they have become the standard way to deploy applications at scale.

John Morello recalls:

“Around 2016 or so, containers were pretty new in the world. Containers and containerization in other forms had existed in the past, but it was really becoming a mainstream technology that was commonly used across many organizations.”

This fast-paced adoption forced organizations to rethink their security culture. Containers required not only new technical controls, but also a shift in mindset: security had to be built-in from the start.

Takeaways

• Container security became critical with the rise of cloud-native applications.
• NIST aims to provide guidance for both government and industry.
• The 800-190 guide offers a framework for securing containers.
• Security must be integrated early in the application lifecycle.
• Containers require a shift in security culture and practices.
• Holistic security involves securing hardware to workload.
• Best practices include using minimalistic and secure images.
• Compliance with regulations is essential for container security.
• Continuous monitoring and updating of security practices are necessary.
• Understanding the full lifecycle of containers is crucial for security.

Chapters

00:00 Introduction to Container Security and NIST 800-190

02:58 The Importance of NIST in Container Security

05:52 Key Recommendations from the NIST Guide

08:44 Holistic Approach to Container Security

11:53 Current Best Practices in Container Security

14:47 Future of Container Security and Continuous Improvement

About Minimus

Minimus solves the endless treadmill of cloud software vulnerabilities by simply preventing them from existing. Minimus provides secure, minimal container and VM images, rebuilt from scratch daily to eliminate over 95% of CVEs.
Founded by the team behind container security pioneer Twistlock, Minimus raised $51 million seed funding from YL Ventures and Mayfield. The company is headquartered in Baton Rouge with offices in New York, Tel Aviv, and Portland, OR. To learn more, visit minimus.io.

In this episode of Security Strategist, host Trisha Pillay sits down with Director of Threat Research at N-able, Kevin O’Connor to unpack how AI is reshaping phishing and what it means for businesses, especially small and medium-sized organizations that often lack the resources to keep up. Drawing on insights from the N-able Threat Report, O’Connor explains why traditional defenses and old-school user training aren’t enough to stop today’s AI-crafted scams.

O’Connor says:

“In the past, phishing emails were easy to spot, you’d see clumsy grammar mistakes, generic wording, they were just very obvious. But with the new wave of AI-enabled phishing emails, we’re seeing tailored attacks that pull from social media profiles and other sources. These messages are highly polished, they look convincing, and the worrying part is that attackers can now do this at scale. That means even IT professionals and security pros are at risk.”

Why Even Experts Are Falling for AI-Powered Phishing

Drawing on insights from the latest N-able Threat Report, this is why the shift is so dangerous:

• AI is changing the landscape of social engineering. Messages are tailored, credible, and increasingly difficult to block or filter.
• Phishing emails are now more convincing than ever. Attackers can create unique, targeted scams instead of blasting out obvious mass emails.
• Even experts are vulnerable. IT teams and security professionals are no longer immune.
• User training must evolve. Old advice like “look for spelling mistakes” won’t cut it anymore. Employees need new skills to recognize modern threats.

The conversation also looks ahead at what enterprises can do now to strengthen defenses, updating training, and preparing for a future where AI will play a role on both sides of the cybersecurity battle.

Takeaways

• AI is changing the landscape of social engineering.
• Phishing emails are now more convincing than ever.
• Even tech-savvy employees can fall for scams.
• SMBs are increasingly targeted due to their vulnerabilities.
• User training must evolve to address modern threats.
• Two-factor authentication is critical for financial transactions.
• Organizations need to know their data exposure.
• Incident response planning is essential for preparedness.

Automated responses can enhance security measures.

The threat of compromise is a matter of when, not if.

Chapters

00:00 Introduction to AI-Driven Threats

02:09 The Evolution of Phishing with AI

05:42 The Rise of Attacks on SMBs

08:56 Preventative Measures for Organizations

12:36 The Future of AI in Cybersecurity

About Kevin O’Connor

Kevin O’Connor is the Director of Threat Research at N-Able and brings over eight years of experience in U.S. Intelligence Community and Department of Defense cyber operations, gaining first-hand insight into how nation-state adversaries think and operate. He later applied that expertise in private industry threat research, translating intelligence into practical, enterprise-grade security solutions. O’Connor continues to focus on Threat Research, bringing those capabilities from a startup to a larger organization, increasing reach, insights, and cross-industry impact.

O’Connor’s strength lies in bridging technical depth with strategic insight. He can analyze advanced persistent threats and kernel-level exploits while advising business leaders on risk, investment, and operations. With expertise in offensive cyber operations, defensive engineering, and threat intelligence, he turns complex security challenges into actionable strategies that help enterprises stay resilient.

In this episode of The Security Strategist Podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks with Jaime Jorge, the Founder and CEO of Codacy, about secure software development in the age of AI. 

The speakers talk about how quickly coding is evolving due to AI tools, the rise of autonomous coding agents, and the major security issues that come from this faster development. 

Jorge emphasised the importance of maintaining security practices and highlighted Codacy's role in providing thorough security analysis to ensure that AI-generated code is safe and reliable. The discussion also looks at the future of AI in software development and what IT leaders need to do to manage these changes.

Software Development in an Era of AI

The world of software development is changing dramatically, the Codacy founder conveyed on the podcast. With AI tools like GitHub Copilot and Cursor becoming mainstream, developers are writing code faster than ever. Host Stiennon refers to this new era as "vibe coding," meaning the ability to create code at an incredible speed.

However, this speed can bring serious and risky consequences. Data has shown that AI-generated code often has vulnerabilities. Some studies have found that these vulnerabilities can reach as high as 30-50 per cent. A Front Big Data study reported that 40% of the code suggested by Copilot had vulnerabilities. “Yet research also shows that users trust AI-generated code more than their own.”

This trend is widening the gap between quick development and secure, enterprise-grade software.

How to Keep up With Autonomous Coding Agents?

“Without a doubt, one of the most significant trends that we're seeing is coding agents,” the CEO of Codacy told Stiennon. “Autonomous coding agents are becoming extremely skilled at taking a prompt and creating full-fledged products, getting even to the intentions that users have.”

However, the challenges of autonomous agents cannot be denied. Jorge believes this is more than just a technical issue. It reflects a basic misunderstanding of how to use these powerful new technologies.

He pointed out that it's dangerous to assume we can completely hand over decisions about the code generated by AI. Important software development practices, such as building security into the design and having human code reviews, shouldn't be overlooked. 

The convenience of using AI to quickly generate code for a project means we have a greater responsibility to review the code ourselves, to evaluate it, or to ensure that other people approve it.

Jorge’s key message to CISOs, CTOs and IT decision-makers is that AI is here to stay and that their teams are already likely using it. This wave is hard to ,ride but “you have a choice in how to ride it.”

"AI-generated code can secure our tools, and our agents are empowered with security capabilities. You can move fast if you have the right guardrails."

The best practices Codacy developed over decades, such as CI/CD, code review, and security by design, are the tools that can help them use AI effectively. 

Takeaways

• AI tools are accelerating software development significantly.
• Autonomous coding agents are becoming increasingly capable.
• The speed of development introduces new security vulnerabilities.
• 30-50% of AI-generated code contains vulnerabilities.
• Security practices like code reviews are more important than ever.
• Companies are still defining policies for AI use in coding.
• Codacy provides end-to-end security analysis for code.
• AI can enhance security if integrated properly into workflows.
• IT leaders must adapt to the rapid changes in coding practices.
• The future of coding will involve more collaboration between AI and human developers.

Chapters

• 00:00 Introduction to AI in Software Development
• 02:54 The Rise of Autonomous Coding Agents
• 05:47 Security Challenges in Rapid Development
• 09:12 Codacy's Approach to Security
• 12:08 Future of AI in Software Development
• 15:09 Key Takeaways for IT Leaders

About Codacy

Codacy is a developer-first, API-driven platform that provides a curated collection of best-in-class code analysis, AppSec scanning, and AI governance tools.

Codacy integrates seamlessly into existing development workflows, empowering development teams to deliver secure, high-quality software faster. 

Codacy is the only DevSecOps platform that delivers plug-and-play AppSec and Code Quality for AI-generated and human-written code. Future-proof your software – from source code to runtime – without extra servers or build steps. Deploy within minutes and stay ahead of emerging risks today.

In this episode of The Security Strategist Podcast, Richard Stiennon, the Chief Research Analyst at IT-Harvest, an author and a trusted cybersecurity advisor, speaks with Abergel about how Hypertext Transfer Protocol Secure (HTTPS) encryption is creating new challenges for cybersecurity professionals. 

They also talked about how DDoS attacks have changed to take advantage of new weaknesses that are hidden in plain sight within encrypted traffic. They discussed what organisations need to do to improve their defences.

HTTPS Encryption Creating Challenges for Defenders

Hypertext Transfer Protocol Secure (HTTPS) encryption is known to have made the internet safer, especially from DDoS attacks. However, it has also created new opportunities for attackers. Threat actors in the modern day are leveraging encrypted traffic to camouflage malicious activity. Unfortunately, traditional cybersecurity tools have been unsuccessful at spotting and blocking these hidden attacks. This is simply because they cannot decrypt the data of such modern-day cyber breaches.

Abergel says that unless an organisation can decrypt the traffic, it cannot see what's inside, allowing sophisticated DDoS attacks to go undetected. This presents a dilemma for IT decision-makers, as they are understandably reluctant to surrender the "keys to their castle" by allowing a third party to decrypt their protection walls.

Especially, with the rise of “tsunami attacks”, in other words, DDoS attacks, the network layer becomes more vulnerable. Attackers deliberately target the application layer of a protected network to overwhelm the application, not the entire network. 

Essentially, hackers take advantage of a grey area in cybersecurity, explains Abergel. "WAFs are not equipped to deal with sophisticated web DDoS attacks. And network layer mechanisms and defences for DDoS attacks cannot recognise a DDoS attack on the application layer only by looking at the network layer."

This means attackers found a comfortable and effective spot to launch their campaigns, often without severe consequences.

Also Watch: From Prompt Injection to Agentic AI: The New Frontier of Cyber Threats

How to Protect Your Business Without Compromising Your Keys

What is the solution when an organisation can't share their encryption keys? This is a major concern, especially for regulated industries that are legally prohibited from sharing this sensitive information to even the most trusted cybersecurity firms. 

To learn more about the solution, and how Radware can help you defend against modern cybersecurity threats, watch the podcast on EM360tech.com. You can watch the video version on our YouTube channel, @EM360Tech, or listen to the audio version on EM360Tech’s Spotify series, The Security Strategist podcast.

Takeaways

• DDoS attacks have evolved significantly since their inception.
• HTTPS encryption, while beneficial, has created new vulnerabilities.
• Modern DDoS attacks often mimic legitimate traffic, complicating detection.
• AI is accelerating the sophistication of DDoS attacks.
• Organisations must balance user experience with security measures.
• The financial sector faces severe consequences from DDoS downtime.
• Solutions exist that do not require sharing encryption keys.
• CISOs should seek tailored solutions for their specific needs.
• Understanding the threat landscape is crucial for effective defence.
• Proactive measures are essential to stay ahead of evolving threats.

Chapters

• 00:00 Introduction to DDoS Attacks and Their Evolution
• 02:52 The Impact of HTTPS on DDoS Attacks
• 06:08 Modern DDoS Attacks: Scale and Sophistication
• 08:46 AI's Role in DDoS Attacks
• 12:05 Challenges in Mitigating Application Layer DDoS Attacks
• 14:58 Finding Solutions Without Decryption Keys
• 17:02 Key Takeaways for IT Decision Makers

In the recent episode of The Security Strategist podcast, Chris Steffen, the Vice President of Security Research at Enterprise Management Associates (EMA), sits down with Varadarajan to talk about how deception is changing threat detection in compromised enterprise environments. 

The CEO of Acalvio, alluding to the main issue in modern cybersecurity, explains that the old security model, which aims to create an impenetrable perimeter, is no longer enough. Attackers, equipped with more advanced tools, are discovering new methods to bypass these defences. The old "fortress mentality" is outdated.

Assume Compromise!

Both Varadarajan and Steffen agree that modern-day cybersecurity is not a matter of if an attacker will get in, but it's about anticipating when the attacker will get in. This mindset, referred to as "assumed compromise," means that a determined attacker will eventually find a way inside your network, especially with AI in the picture.

Varadarajan explains, "The defender has to be right all the time in stopping the attacker at the door, whereas the attacker needs to be only right once to get past the perimeter and get inside the house."

This imbalance gives attackers a significant edge. The vast number of entry points—from on-premise systems to cloud services and remote access—makes it impossible to secure each one perfectly. Consequently, the focus should be on what happens after an attacker is inside.

So, how are businesses approaching such constantly looming threats?

Deception: A Preemptive Strike

This is where deception technology becomes an effective, proactive defense strategy. Instead of waiting for a breach to happen and then trying to fix the damage, deception actively engages and misleads the attacker.

"If you're assuming that the attacker is going to be inside, the question is how do you find these attackers and bad actors quickly and precisely so that you can conduct the enterprise's business?,” elucidates Varadarajan.

Deception technology creates a web of fake assets, data, and credentials, forming a digital minefield for attackers. When an attacker tries to move laterally through the network or gain higher privileges, they interact with these decoys. This interaction provides an immediate, clear signal that a malicious actor is present, allowing defenders to stop them before they can reach their real target.

The old methods of securing a network are no longer enough, agree both Varadarajan and Steffen. The rise of sophisticated, AI-driven attacks requires a new, proactive approach.

"Preemptive defense based on deception is a very legitimate and well-understood way of solving this problem,” stated Varadarajan.

Enterprises are advised to switch strategy from defending the perimeter to actively deceiving and identifying within the network. This would help organisations to regain control. Deception technology offers a vital home-field advantage, making it an important part of any modern cybersecurity strategy.

Takeaways

• Deception technology is a natural and effective strategy in cybersecurity.
• Traditional perimeter defenses are no longer sufficient against modern threats.
• The 'assumed breach' mindset is essential for contemporary cybersecurity strategies.
• Operationalizing deception technology can significantly enhance threat detection.
• AI can streamline the creation and management of deception environments.
• Preemptive defense is more effective than reactive strategies in cybersecurity.
• Organizations must adapt to the increasing number of entry points into their networks.
• Reducing dwell time for attackers is crucial for effective defense.
• Cybersecurity strategies should account for both external and internal threats.
• Deception technology can help identify both active attackers and dormant malware.

Chapters

• 00:00 Introduction to Cybersecurity Challenges
• 03:05 Understanding Deception Technology
• 06:14 Shortcomings of Conventional Cybersecurity
• 09:11 The Shift from Fortress Mentality
• 12:03 Assumed Breach: The New Normal
• 15:00 Operationalizing Deception Technology
• 18:01 The Role of AI in Cybersecurity
• 21:03 Velocity of Cyber Attacks
• 23:46 Preemptive Defense Strategies
• 26:59 Key Takeaways and Conclusion

Together, they explore the vulnerabilities of passwords and conventional MFA, and why phishing-resistant authentication is no longer optional; it’s a strategic imperative for chief information security officers (CISOs).

"Passwords alone just don’t cut it," says Sarginson. Hackers can launch sophisticated attacks in minutes, and traditional MFA often isn’t enough to stop them. Organisations should turn to device-bound passkeys and physical security keys not just as tools, but as a way to rethink enterprise security, stay ahead of compliance pressures, and embrace a passwordless future.

"Attackers can now launch sophisticated campaigns quickly and cheaply using publicly available data. That’s why breaches today are far more dangerous, and why weak MFA or social engineering is often involved." — Nic Sarginson, Yubico,

Why This Matters for CISOs

Cybersecurity leaders face growing pressure to defend against phishing attacks, navigate evolving compliance demands, and deliver secure experiences for users. Sarginson shares practical strategies, expert insights, and real-world examples to help CISOs and IT leaders build a stronger, passwordless future.

Takeaways

• Passwords are fundamentally broken and pose a major vulnerability.
• Recent breaches highlight the inadequacy of traditional MFA.
• Device-bound passkeys offer stronger protection against phishing.
• Integration of new security methods is a significant challenge for enterprises.
• Real-world case studies show measurable improvements with security keys.
• Regulatory frameworks are increasingly mandating strong MFA.
• Phishing resistance must become the default in security strategies.
• The technology for passwordless solutions is now prevalent.
• Security leaders must advocate for proactive security measures.
• User education is crucial for the adoption of new security technologies.
• 
  

Chapters

00:00 Introduction to Authentication Challenges

02:15 The Impact of Recent Data Breaches

05:30 The Entrenchment of Passwords and MFA

08:22 Exploring Device Bound Passkeys

11:20 Integrating Physical Security Keys

14:34 Real-World Case Studies and Metrics

17:24 Regulatory Pressures and Future Trends

20:27 The Path to Passwordless Security

About Nic Sarginson

Nic Sarginson is a senior solutions engineer for UKI and RSA at Yubico. An industry veteran, he has held a range of roles in cybersecurity and enterprise solutions, helping organisations adopt strong authentication methods and enhance their phishing resistance strategies.

In this episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks with Wohns about modern-day cybersecurity threats driven by AI. They discuss the need for a strong security culture, innovative training methods, and the importance of adapting to new attack vectors. 

The founder of Jericho Security, an AI-powered human risk management platform, talks about the shift from traditional rule-based defences to probabilistic approaches. Additionally, Wohns spotlighted the necessity of using AI to counter AI in the fight against cyber threats. 

Generative AI: A Cause for Concern in Cyber Security

The speakers agree that every organisation today has one common and new challenge. It’s the rise of generative AI. This is because gen AI is a tool quickly and widely being used in cyber tech. “We have moved past simple, templated attacks to a new era,” iterated Wohns. Threats have now become more dynamic, personalised, targeted and scalable in ways the world has never witnessed before.

For years, cybersecurity training has depended on static, rule-based defences. Consider those generic phishing emails from a "Nigerian Prince" or a fake Google logo. However, as Wohns points out, attackers no longer follow a script. They are using AI to create complex, multi-channel attacks that can take advantage of publicly available information and stolen data to target individuals.

This new reality shows that old "checkbox training" is outdated. An attack on a salesperson will differ significantly from an attack on an accountant, and both will be tailored to exploit specific weaknesses. These attacks go beyond emails; they include deepfake voice calls, fake videos, and coordinated messages that blur the line between what is real and what poses a threat.

Takeaways

• AI is rapidly changing the landscape of cyber threats.
• A strong security culture is essential for organisations.
• Traditional training methods are outdated and ineffective.
• Probabilistic defences are needed to counter dynamic attacks.
• Creating a positive security culture encourages reporting mistakes.
• Multi-channel attacks are becoming more sophisticated.
• Generative AI can be used to simulate realistic attacks.
• Tailored training can enhance employee engagement and effectiveness.
• Using real-world data makes training relevant and impactful.
• AI solutions must evolve to keep pace with attackers.

Chapters

• 00:00 Introduction to Cybersecurity and AI Threats
• 03:01 The Evolution of Cyber Threats
• 05:50 Innovative Approaches to Security Training
• 08:55 Probabilistic Defences vs. Rule-Based Systems
• 11:49 Creating a Positive Security Culture
• 15:02 Multi-Channel Attacks and Emerging Threats
• 18:13 Key Takeaways for IT Decision Makers

About Jericho Security 

Jericho Security is transforming cybersecurity training with an AI-powered platform that defends against modern phishing threats. Its proprietary agentic AI delivers multi-channel simulations mimicking real-world attacks across email, voice, messaging, and video. Designed for highly scalable deployments, customizable training and performance tracking. Trusted by the U.S. Department of Defense and honoured with four Global InfoSec Awards at RSA Conference 2025, Jericho is at the forefront of human-centred, AI-driven cyber defence.

"Think of Hardware Security Modules (HSMs) like a master vault in a bank for an entire organization's digital security," said David Close, Chief Solutions Architect at Futurex. More than just an analogy, this is the reality of how modern enterprises are secured.

Cybersecurity is full of complexities despite various advancements. Some aspects of it run constantly behind the scenes and occasionally go unnoticed until a breach strikes. Among these essential elements, Hardware Security Modules (HSMs) play a key role in maintaining digital trust. 

In a recent episode of The Security Strategist podcast, Richard Stiennon explores with Close why HSMs have become the invisible guardians protecting our digital lives.

What is a Hardware Security Module (HSM)?

At its core, a Hardware Security Module (HSM) is specialized, tamper-proof hardware that protects cryptographic keys and performs cryptographic operations. Close alludes to an analogy to describe an HSM, stating it's "the vault where you store all the keys to everything. The vault keys, the safety deposit keys, even the digital keys to the security system itself." 

Born in the early 1980s for the payment industry, HSMs have evolved into the root of trust for almost every sector. They verify authenticity and safeguard encryption for tasks like processing payments, signing code, issuing identities, and encrypting sensitive data. 

"If someone gets into the master vault, they don't just have access to one thing. They have access to everything," says Close, illustrating the importance of HSMs for stronger security. This is why regulatory bodies like PCI mandate HSM usage for organizations handling sensitive payment data.

To make HSMs more accessible and user-friendly, Futurex's main solution is CryptoHub Cloud. It works as an HSM as a Service (HSMaaS).

Close describes HSMaaS as not just a cloud version of HSM but a "centralized cryptographic service provider." Unlike some solutions that operate in shared cloud infrastructure, Futurex's CryptoHub Cloud runs in purpose-built cryptographic environments that are fully isolated. 

Such a unique approach gives customers full control, predictable performance, and independence from the cloud provider's native crypto stack. This is also an important factor for organizations in regulated industries.

HSMs Enforce Policy

"HSMs don't just solve crypto problems,” says Close, “they create predictability and enforce policy, also allow you to have a true security model that is effective at scale."

In a world that depends more on digital systems, it is essential to understand and use the power of HSMs. They act as invisible protectors, making sure our most sensitive digital assets remain secure and trustworthy.

Takeaways

• HSMs are essential for protecting cryptographic keys and sensitive data.
• The evolution of HSMs has made them easier to use and integrate into cloud environments.
• Crypto agility allows organizations to adapt to new cryptographic algorithms without replacing existing infrastructure.
• HSMs enforce strict access controls and audit logs for all cryptographic operations.
• Regulatory bodies mandate the use of HSMs for managing sensitive payment data.
• HSMs provide a physical layer of security that software alone cannot offer.
• Organizations can achieve significant performance improvements by offloading cryptographic operations to HSMs.
• Futurex's CryptoHub Cloud offers a centralized cryptographic service for organizations.
• HSMs help organizations meet compliance requirements while leveraging cloud benefits.
• Real-world use cases demonstrate the operational efficiencies gained through HSM deployment.

Chapters

• 00:00 Introduction to Cybersecurity and Cryptography
• 02:19 Understanding Hardware Security Modules (HSMs)
• 08:00 FuturexX CryptoHub Cloud and Its Applications
• 11:04 The Importance of HSMs in Payment Security
• 13:02 True or False: HSM Myths and Facts
• 20:56 Real-World Use Cases of HSMs

About Futurex

For over 40 years, Futurex has been an award-winning leader and innovator in the encryption market, delivering uncompromising enterprise-grade data security solutions. Over 15,000 organizations worldwide trust Futurex to provide groundbreaking hardware security modules, key management servers, and cloud HSM solutions.

Futurex is headquartered outside of San Antonio, Texas, with regional offices worldwide and over a dozen data centers across five continents, and delivers unmatched support for its clients’ mission-critical data encryption and key management requirements.

The quote sets the tone of the recent episode of The Security Strategist podcast. In this episode, Shubhangi Dua, Podcast Host and Producer, sits down with Skwarczek, an award-winning CEO recognised by Forbes. They talk about the evolution of online marketplaces, the importance of security, and the role of people in business. 

They discuss the challenges of operating a global marketplace, the significance of diversity in teams, and the future of payment security technologies. 

Bartosz emphasises the importance of a proactive approach to cybersecurity and the use of AI in business operations. He also highlights the essential role of human values and communication in creating a successful organisation.

Proactive and Multi-Layered Approach to Cybersecurity

Security is a top priority for G2A, Skwarczek articulated. He adds that it's a "constant improvement" and a "kind of battle that you have with the bad actors." To stay "one step ahead of attackers," G2A deploys a multi-layered defence strategy.

The multi-layered strategy starts with careful monitoring of threat intelligence channels to ensure organisations stay on top of the latest threats, vulnerabilities, and methods used by malicious actors.

A dedicated incident response team has clearly defined roles and responsibilities. They can respond immediately to any security incidents, especially those related to different types of fraud, such as friendly fraud (chargeback fraud) or traditional credit card fraud. 

Skwarczek says that employee training is extremely important. G2A conducts mandatory training every month for its employees, assuring they know how to avoid common mistakes like phishing emails. Especially considering that over 3 million phishing emails are sent every day.

Skwarczek also emphasises the importance of these ongoing audits. Alluding to the constantly changing market, He says cyber criminals constantly devise new tricks. This is why frequent evaluations are needed to ensure G2A is moving in the right direction. 

AI, Blockchain, and the Future of Payment Security

Looking ahead, Skwarczek talked about the future of payment security. He recognised the complicated relationship between new technologies and strict regulations.

The payment industry is inherently "conservative because it's regulated," he added, with extensive regulatory frameworks that ensure the safety of people's money. This intentional pace, however, coexists with rapid technological advancements. Skwarczek specifically pointed to the growing influence of AI and blockchain.

While AI offers immense promise in enhancing security and streamlining operations, it's also a "double-edged sword," with "bad actors" leveraging AI to become "smarter with cheating." G2A's approach to AI is to be "AI native," focusing on educating every department on the basics of AI and guiding them to use specific AI tools relevant to their functions, from marketing to security. Regular evaluations ensure that these AI implementations are effective and continually improved.

Takeaways

• The core message is always about people.
• Security is a top priority in online marketplaces.
• Diversity presents both challenges and opportunities.
• Building a strong team is essential for global operations.
• AI can be both beneficial and a threat in cybersecurity.
• Education and training are crucial for preventing phishing attacks.
• Proactive cybersecurity measures are necessary to stay ahead of threats.
• Communication within teams is vital for success.
• Diversity enhances problem-solving and innovation.
• The future of payment security is uncertain but full of potential.

Chapters

00:00 Introduction to G2A and Bartosz Skwarczek

02:10 The Importance of People in Business

03:23 Understanding Cloud Marketplaces

05:08 Security Frameworks in Online Marketplaces

06:38 Challenges of Global Payment Diversity

11:15 Building a Strong Team for Global Operations

15:54 The Role of AI in Cybersecurity

20:03 Securing Transactions and Avoiding Fraud

24:40 Proactive Cybersecurity Measures

27:34 The Importance of Communication in Teams

29:52 Diversity as a Strength in Business

32:03 Future of Payment Security Technologies

36:37 Key Takeaways for Decision Makers

About G2A

G2A.COM is the largest and most trusted marketplace for digital entertainment in the world. More than 30 million people in 180 countries have made over 100 million purchases on the platform. 

Customers can explore a vast catalogue of over 75,000 digital products, including games, DLCs, in-game items, and non-gaming items like gift cards, subscriptions, software, and e-learning resources. These products are offered by sellers from around the globe.

G2A.COM is also known for its strong focus on online security. It has received the American CNP award, joining well-known companies like Microsoft, Barclay's Bank, and First Data.

As Pascal Geenens, Director of Threat Intelligence at Radware, puts it, "It's AI, so everything is changing weekly. What I talked about two weeks ago has already changed again." 

The constant change means that malicious actors are not just adopting AI, they're leveraging it to create new threats at a striking pace. 

In this episode of The Security Strategist Podcast, Richard Stiennon, an industry Analyst, Author and Chief Research Analyst at IT-Harvest, speaks with Geenens.

They discuss how cybersecurity threats are enhanced by AI. This includes how attackers are using AI tools, the implications of new technologies like agentic AI, and the challenges posed by AI advancements. 

The conversation also touches on the role of nation-states in utilising AI for cyber operations, the concept of vibe hacking, and the future of interconnected AI agents.

AI-Driven Attacks Fuelled by Prompt Injection

Malicious hackers evidently first used AI in 2023, specifically through prompt injection attacks on large language models (LLMs) such as ChatGPT. 

Attackers would find "evasion techniques" to bypass ethical guardrails, asking questions indirectly to generate malicious scripts or gather information for attacks. 

Geenens says, "If you would ask the direct question, how can I commit a murder and get away with it? He would say, no, no, no, that goes against my ethical principles. But there are ways around it."

The game changed with the emergence of offline models and specialised services like WormGPT and FraudGPT. These models, distilled from larger ones and enhanced with hacking-specific information from underground forums, lowered the barrier to entry for aspiring cyber criminals. 

"They created their own model and sold it as a service underground. And that model was geared towards helping anyone with questions to interact with a prompt and to make their malware better, increase the effectiveness of their malware," explained Geenens. 

This accessibility meant that "more actors would actually move from script kiddie level to a more sophisticated level." Teenagers, in particular, took advantage of these AI assistants. They provided a friendly, non-toxic environment to learn and develop hacking tools, unlike the often unwelcoming underground forums.

The Rise of Agentic AI & Automated Exploits

In 2024, the focus shifted to AI agents, which provide attackers with automated workflows. Unlike LLMs, agents can interact with their environment, gather updated information, execute tools, and even spawn new agents that communicate with each other. 

"You can have a manager agent that says, okay, I need to develop something. It’s a big problem here. I need to develop a tool. I have an agent that does the development. I have an agent that does the QA testing,” depicts Geenens. “And then I have another agent who's a problem solver who will help the other tools do their job. And they interact with each other.”

This agentic capability majorly hastens the exploitation of vulnerabilities. Research showed that AI agents can quickly rebuild proof-of-concept exploits for published CVEs. 

Geenens stressed the dramatic reduction in time: "Earlier, when the CVE was published, it took 24 hours-48 hours and a security researcher who typically posted a proof of concept online in Python before the actual attacks in the wild would start.” 

“But now with those agents and those workflows has been proven as much easier to get access and to get a proof of concept. That window might now reduce from 48 hours to a couple of minutes,” he added. 

Takeaways

• AI is changing the landscape of cybersecurity threats.
• Attackers are using AI to enhance their hacking capabilities.
• Guardrails in AI are not foolproof against malicious intent.
• Teenagers are increasingly entering the cybercrime space due to AI tools.
• Agentic AI allows for automated workflows in attacks.
• The sophistication of attacks has not drastically changed, but entry barriers have lowered.
• Nation-states are using AI for disinformation and phishing.
• Vibe hacking represents a new frontier in automated vulnerability discovery.
• MCP and agent-to-agent protocols will shape the future of AI interactions.
• AI will be necessary to combat AI-driven threats.

Chapters

00:00 AI in Cybersecurity: The New Frontier

06:51 The Evolution of Hacking: From Script Kiddies to AI-Enhanced Threats

12:48 Nation States and AI: The New Age of Cyber Warfare

15:12 Vibe Hacking: The Future of Coding and Security

19:14 The Internet of Agents: A New Era in Cybersecurity

25:11 Emerging Threats: Indirect Prompt Injection Attacks