PodcastsEducationEnterprise Security Weekly (Audio)

Enterprise Security Weekly (Audio)

Adrian Sanabria
Enterprise Security Weekly (Audio)
Latest episode

484 episodes

  • Enterprise Security Weekly (Audio)

    Mastering agent permissions and Identiverse interviews - Howard Ting, Ajay Gupta, Sandy Bird, Amir Ofek - ESW #466

    06/07/2026 | 1h 17 mins.
    Interview with Sandy Bird, co-founder of Sonrai Security
    In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints.
    Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them.
    This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them!
    Segment Resources
    AWS Bedrock agent permissions: what you need to lock down before you go live
    Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome
    Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents.
    The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities.
    It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle.
    Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates.
    Download the SANS AI Security Maturity Model eBook
    This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them!
    The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security
    A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested.
    https://www.opal.dev/resource-center/identity-governance-report-2026-ai-access
    This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them!
    Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG
    Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance.
    This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-466
  • Enterprise Security Weekly (Audio)

    Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465

    29/06/2026 | 1h 40 mins.
    Interview with Adriel Desautels - the pentest is broken
    Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it.
    Segment Resources:
    https://hbr.org/2026/04/boards-are-falling-short-on-cybersecurity
    https://www.scworld.com/perspective/how-to-build-a-breach-ready-security-posture-without-the-enterprise-price-tag
    https://netragard.com/blog/what-is-penetration-testing/
    Topic: Why Meta is destroying its engineering organization
    The titular essay: https://newsletter.pragmaticengineer.com/p/why-is-meta-destroying-its-engineering
    A very interesting analysis of what's going on inside big tech companies as they try to dogfood their own AI hype and tokenmaxx themselves into oblivion. There have been a LOT of stories on this, but this is the most comprehensive and enlightening. A few more are linked below.
    This is relevant to security, because heavier AI use appears to be linked to a much higher occurrence of availability and security issues.
    'Tell Him He's a Piece of Shit': Meta's New AI Unit Is a Total Mess
    The Newest Instagram "Exploit" is the Goofiest I've Seen
    Meta CTO Andrew Bosworth Admits the Company's AI Reorg Was 'Atrocious'
    Meta's months-old AI unit is a soul-crushing gulag, say the engineers stuck inside it
    The Weekly Enterprise News
    Finally, in the enterprise security news,
    an AI vibe check
    An AI SOC vendor shuts down
    Cybersecurity vendor layoffs
    funding & acquisitions
    cascading breaches
    digital estate management
    criminals don't trust AI either
    some devs won't code without AI, even if you pay them to
    Midjourney is now a healthcare company?
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-465
  • Enterprise Security Weekly (Audio)

    Navigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - Ankita Gupta - ESW #464

    22/06/2026 | 1h 37 mins.
    Interview with Ankita Gupta, CEO of Akto
    How to Navigate Shadow AI Risk in the enterprise
    This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech leaders should do next with this information: apply guardrails? Limit vendor options?
    Ankita has a wealth of experience and anecdotes to share here, from years of working with customers and seeing all the unexpected things that happen with AI in today's workplace.
    Segment Resources:
    Website: https://www.akto.io
    Book a Free Demo: https://www.akto.io/agentic-security-demo
    LinkedIn: https://www.linkedin.com/company/akto-io
    YouTube: https://www.youtube.com/@aktodotio
    This segment is sponsored by Akto. Visit https://securityweekly.com/akto to secure your AI agents before attackers do.
    Topic Segment: Verizon's Breach Impact Study
    The same team that delivers the DBIR every year gave us a bonus, based on over 70,000 insurance claims!
    Some of my favorite insights:
    Cost of breaches, broken out by SMB, mid-sized enterprise, and large
    The claim amount as a percentage of the company's revenue
    Losses broken down by loss TYPE
    This data validates something I think everyone in cyber needs to understand: cyber events are rarely business-ending events. Every cybersecurity professional and vendor, frustrated by companies "not taking security seriously enough" now have data explaining why: breaches don't hurt as much as you thought they did. Maybe you think they should hurt more? Push for regulation/fines/etc.
    With that said, the report also shows breach costs increasing significantly over the past 6 years and the quantity of incidents shooting up. Specifically, the median impact has almost doubled.
    Security failures aren't getting any cheaper.
    Weekly Enterprise News
    Finally, in the enterprise security news,
    A $100M seed round!
    Accenture acquires 3 security vendors
    Some thoughts on the government takedown of Fable and Mythos
    One of the craziest security mistakes I've ever seen, in the software FIFA uses to manage World Cup streams!
    A Critical Copilot vulnerability
    75,000 Fortinet Firewalls get compromised
    Remediation is broken
    Using guardrails to evade detection
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-464
  • Enterprise Security Weekly (Audio)

    Safe AI at scale, what happens after initial access, and the weekly enterprise news - Albert Estevez Polo, Shiva Pillay - ESW #463

    15/06/2026 | 1h 31 mins.
    Interview with Shiva Pillay from Veeam
    Safe AI at Scale
    AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That's the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than just great models—it demands trusted, governed, and recoverable data.
    This segment is sponsored by Veeam. Visit https://securityweekly.com/veeam to learn more about them!
    Segment resources:
    Veeam Launches New Data and AI Trust Maturity Model to Help Organizations Benchmark AI Readiness
    Topic: Sure, we know how initial access works, but what about lateral movement?
    A special topic segment where we're joined by Albert Estevez Polo, field CTO for Zero Networks (a community guest, not a podcast sponsor). Zero Networks just released some very interesting data on what attackers are doing after they gain access to victim's environments and how they're doing it.
    Segment Resources:
    Link to report page
    Weekly Enterprise Security News
    Finally, in the enterprise security news,
    Funding and acquisitions
    Good news, Mythos isn't dangerous anymore!
    An excellent breach analysis
    Cyber insurance rates are dropping, but there's a catch
    CISA updates vulnerability remediation guidance
    Zoom calls are worse than you think, and maybe not for the reasons you think
    Remember when it was illegal to rip DVDs?
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-463
  • Enterprise Security Weekly (Audio)

    The State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - Filip Stojkovski - ESW #462

    08/06/2026 | 1h 37 mins.
    Interview with Filip Stojkovski on the State of AI in SecOps
    Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked project. We also discuss how most of the market has traditionally been focused on the "middle" of the process, which is effectively alert management. Where the conversation really gets interesting is shifting left to discuss building better quality detections.
    Segment Resources:
    Be sure to check out SecOps Unpacked - it has more than just vendor information: there are articles, frameworks, podcast episodes, research, and articles/thought leadership
    Topic: The Unintended Consequences of Vulnmaxxing
    We discuss my latest blog post where I share a theory that perhaps Project Glasswing is a clever exclusive freemium tier, where Anthropic is hoping to ensnare the world's largest producers of software into using its most expensive model to fix their code for the foreseeable future, creating a much needed new revenue stream for the AI giant with a Trillion dollar valuation.
    There are some potential unintended consequences that come along with an expensive vulnerability discovery/remediation process that threatens to raise the security poverty line and leave less wealthy companies behind.
    The Weekly Enterprise News
    Finally, in the enterprise security news,
    If you were starting a cybersecurity company today, which category would you pick?
    layoffs
    funding
    the White House AI executive order
    OpenAI's frontier governance framework
    Anthropic's Zero Trust for AI agents guide
    IBM's vulnmaxxing efforts
    RICO as a service for job seekers
    Instagram had possibly the most embarrassing hack ever
    All that and more, on this episode of Enterprise Security Weekly.
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw-462
More Education podcasts
About Enterprise Security Weekly (Audio)
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co hosts: Katie Teitler-Santullo, Ayman Elsawah, Jason Wood, Jackie McGuire, Sean Metcalf.
Podcast website

Listen to Enterprise Security Weekly (Audio), The Jefferson Fisher Podcast and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features