loader from loading.io

Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - HD Moore, Jason Passwaters, J.J. Guy, Theresa Lanowitz, Mickey Bresman, Yuval Wollman, Jawahar “Jawa” Sivasankaran - ESW #423

Security Weekly Podcast Network (Audio)

Release Date: 09/08/2025

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 show art How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348

Security Weekly Podcast Network (Audio)

This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start off discussing how Scott and other leaders have managed to keep up with the crazy rate of change in the AI world. We pivot to discussing some of the specific projects the team is working on, and finally discuss some of the biggest AI security...

info_outline Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424 show art Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424

Security Weekly Podcast Network (Audio)

Segment 1 - Interview with Jeff Pollard For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best: As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent...

info_outline Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511 show art Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511

Security Weekly Podcast Network (Audio)

Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:

info_outline Americans Can't Hack It - PSW #891 show art Americans Can't Hack It - PSW #891

Security Weekly Podcast Network (Audio)

This week: Americans Can't Hack It Copy and paste to get malware Pixel 5 web servers - because you can How they got in and why security is hard Vulnerability management is failing - is it dead yet? Exploiting hacker tools Bluetooth spending spree! How to defend your car IoT security solutions and other such lies Exploiting IBM i (formerly AS/400) Vibe coding vulnerabilities Plex is hacked again Bill's emoji ICE spies on phones Hackers be hackin' FreePBX Visit for all the latest episodes! Show Notes:

info_outline Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412 show art Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412

Security Weekly Podcast Network (Audio)

With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't...

info_outline Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, Josh Marpet - SWN #510 show art Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, Josh Marpet - SWN #510

Security Weekly Podcast Network (Audio)

AI Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, WhatsApp, Josh Marpet, and more on the Security Weekly News. Visit for all the latest episodes! Show Notes:

info_outline Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 show art Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347

Security Weekly Podcast Network (Audio)

Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it’s crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills...

info_outline Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - HD Moore, Jason Passwaters, J.J. Guy, Theresa Lanowitz, Mickey Bresman, Yuval Wollman, Jawahar “Jawa” Sivasankaran - ESW #423 show art Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - HD Moore, Jason Passwaters, J.J. Guy, Theresa Lanowitz, Mickey Bresman, Yuval Wollman, Jawahar “Jawa” Sivasankaran - ESW #423

Security Weekly Podcast Network (Audio)

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit to...

info_outline AI Trolley Problems, Rhode Island Drivers, and Kohlbergian Post Conventionalism - SWN #509 show art AI Trolley Problems, Rhode Island Drivers, and Kohlbergian Post Conventionalism - SWN #509

Security Weekly Podcast Network (Audio)

Josh Marpet and Doug White talk about AI Ethics, Issues, and Compliance. AI Trolley problems, Rhode Island Drivers, and Post Conventionalism. Visit for all the latest episodes! Show Notes:

info_outline Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890 show art Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890

Security Weekly Podcast Network (Audio)

In the secure news: Automakers respond to Flipper Zero attacks More on the unconfirmed Elastic EDR 0-Day When Secure Boot does its job too well Crazy authenitcation bypass Hacker ultimatums AI Slop Impatient hackers Linux ISOs are malware Attackers love drivers Hacking Amazon's Eero, the hard way Exploits will continue until security improves The Salesloft breach TP-Link Zero Days US DoD using Russian software? The Lasagna DoS attack Visit for all the latest episodes! Show Notes:

info_outline
 
More Episodes

Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere.

Visit https://securityweekly.com/levelbluebh to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research.

In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines.

This segment is sponsored by CyberProof. Visit https://securityweekly.com/cyberproofbh to learn more about them!

Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis’ recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go.

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to download the 2025 Global Ransomware Report!

Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach.

Would you like to see the Sevco platform in action? You can take a self-guided tour at https://securityweekly.com/sevcobh

Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today’s most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces.

This segment is sponsored by Intel471. Visit https://securityweekly.com/intel471bh to learn more about them!

CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need.

Try runZero free! Get started at https://securityweekly.com/runzerobh

Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms.

To explore Cyware’s new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit https://securityweekly.com/cywarebh.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-423