Security Weekly Podcast Network (Audio)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!

AI Nuns, Steganography, You're fired, VoidProxy, C++, Carplay Apriso, Josh Marpet... - SWN #512 09/16/2025

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348 09/16/2025

Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424 09/15/2025

Forrester's AEGIS Framework, the weekly news, and interviews with Fortra and Island - Jeff Pollard, Rohit Dhamankar, Michael Leland - ESW #424 Segment 1 - Interview with Jeff Pollard For this episode’s interview, we’re talking to Forrester analyst Jeff Pollard. I’m pulling this segment’s description directly from the report’s executive summary, which I think says it best: As AI agents and agentic AI are introduced to the enterprise, they present new challenges for CISOs. Traditional cybersecurity architectures were designed for organizations built around people. Agentic AI destroys that notion. In the near future, organizations will build for goal-oriented, ephemeral, scalable, dynamic agents where unpredictable emergent behaviors are incentivized to accomplish objectives. This change won’t be as simple or as straightforward as mobile and cloud — and that’s bad news for security leaders who in some cases still find themselves challenged by cloud security. Segment 2 - Weekly News Then, in the enterprise security news, there’s funding and acquisitions, but we’re not going to talk about them AI’s gonna call the cops on you and everyone’s losing money on it and Anthropic agreed to pay for all the copyright infringement they did when training models and got sued for recording millions of conversations without consent Burger King got embarrassed and their lawyers didn’t like it NPM package mayhem certificate authority hijinks AI darwin awards All that and more, on this episode of Enterprise Security Weekly. Segment 3 - Executive Interviews from Black Hat 2025 Interview with Rohit Dhamankar from Fortra Live from Black Hat 2025 in Las Vegas, Matt Alderman sits down with Rohit Dhamankar, VP of Product Strategy at Fortra, to dive deep into the evolving world of offensive security. From red teaming and pen testing to the rise of AI-powered threat simulation and continuous penetration testing, this conversation is a must-watch for CISOs, security architects, and compliance pros navigating today's dynamic threat landscape. Learn why regulatory bodies worldwide are now embedding offensive security requirements into frameworks like PCI DSS 4.0, and how organizations can adopt scalable strategies—even with limited red team resources. Rohit breaks down the nuances of purple teaming, AI-assisted red teaming, and the role of BAS platforms in enhancing defense postures. Whether you’re building in-house capabilities or leveraging external partners, this interview reveals key insights on security maturity, strategic outsourcing, and the future of cyber offense and defense convergence. This segment is sponsored by Fortra. Visit to learn more! Interview with Michael Leland from Island At BlackHat 2025 in Las Vegas, Matt Alderman sits down with Michael Leland, VP Field CTO at Island, to tackle one of cybersecurity’s most urgent realities: compromised credentials aren’t a possibility — they’re a guarantee. From deepfakes to phishing and malicious browser plug-ins, attackers aren’t “breaking in” anymore… they’re logging in. Michael reveals how organizations can protect stolen credentials from being used, why the browser is now the second weakest link in enterprise security, and how Island’s enterprise browser can enforce multi-factor authentication at critical moments, block unsanctioned logins in real time, and control risky extensions with live risk scoring of 230,000+ Chrome plug-ins. Key takeaways: Why credential compromise is inevitable — and how to stop credential use How presentation layer DLP prevents data leaks inside and outside apps Real-time blocking of phishing logins and unsanctioned SaaS access Plug-in risk scoring, version pinning, and selective extension control Enabling BYOD securely — even after a catastrophic laptop loss Why many users never go back to Chrome, Edge, or Safari after switching Segment Resources: This segment is sponsored by Island. Visit to learn more! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/38203450

Diella, Texas, Movie Rip Offs, WAF, AdaptixC2, Nano11, and More... - SWN #511 09/12/2025

Americans Can't Hack It - PSW #891 09/11/2025

Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412 09/10/2025

Forrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn, Matt Muller, Danny Jenkins - BSW #412 With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker’s new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you’re a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: This segment is sponsored by ThreatLocker. Visit to learn more about them! Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can’t afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit to learn more about them! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/38147015

Hellhounds, Anthropic, iCloud, NPM, gitforked, notdoor, TOR, Signal, Josh Marpet - SWN #510 09/09/2025

Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 09/09/2025

Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347 Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity’s door. They discuss the terrifying reality of quantum computing’s power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it’s crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor’s acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don’t wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation. Segment Resources: For more information about Keyfactor’s latest Digital Trust Digest, please visit: Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization’s crown jewels at risk. From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you’re a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets. Key topics covered: - The truth about alert fatigue & why it’s crippling SOC efficiency - How AI-driven offensive security changes the game - Visualizing kill chains to drive faster remediation - Why fixing “what matters” beats fixing “everything” - The future of AI trust, transparency, and control in cybersecurity Watch now to discover how BreachLock is redefining offensive security for the AI era. Segment Resources: This segment is sponsored by Breachlock. Visit to learn more about them! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/38135900

Ransomware, Agentic AI, and Supply Chain Risks: Insights from Black Hat 2025 - HD Moore, Jason Passwaters, J.J. Guy, Theresa Lanowitz, Mickey Bresman, Yuval Wollman, Jawahar “Jawa” Sivasankaran - ESW #423 Doug White sits down with Theresa Lanowitz, Chief Evangelist at LevelBlue, for a powerful and timely conversation about one of cybersecurity’s most pressing threats: the software supply chain. Theresa shares fresh insights from LevelBlue’s global research involving 1,500 cybersecurity professionals across 16 countries. Together, they unpack the real-world risks of software acquisition in the API economy, the explosive growth of AI-generated code, and the rise of “vibe coding”—and how these trends are silently expanding the attack surface for organizations everywhere. Visit to download the Data Accelerator: Software Supply Chain and Cybersecurity as well as all of LevelBlue's research. In this interview, Yuval Wollman, President of CyberProof, unpacks how AI agents are not only expanding the attack surface—but reshaping the entire cyber threat landscape. Discover how ransomware-as-a-service platforms like Funksec and Dragonforce are operating with enterprise-level precision. Learn about the role of agentic AI, geopolitical cyber warfare, and why today's hackers offer better customer support than airlines. This segment is sponsored by CyberProof. Visit to learn more about them! Doug White and Mickey Bresman, CEO of Semperis, dive deep into a conversation on the evolution of ransomware and the alarming rise of cyber extortion tactics. From the early days of encryption-only attacks to today's ransomware-as-a-service operations and hybrid threats blending digital and physical intimidation, this interview unpacks the growing sophistication of organized cybercrime. Mickey shares firsthand insights from Semperis’ recent ransomware report, including a chilling real-world example where a photo of a child was used to threaten an IT professional — illustrating how far threat actors are willing to go. This segment is sponsored by Semperis. Visit to download the 2025 Global Ransomware Report! Matt Alderman sits down with J.J. Guy, CEO & Co-Founder of Sevco Security, to unpack a 20-year industry failure finally being addressed: the disconnect between asset inventory, vulnerability visibility, and true cyber risk understanding. From the roots of CASM (Cyber Asset Attack Surface Management) to the convergence with CTE (Continuous Threat Exposure), JJ shares how Sevco is tackling today's fragmented environments — spanning cloud, on-prem, mobile, and containers — with a data-first approach. Would you like to see the Sevco platform in action? You can take a self-guided tour at Doug White sits down with Intel 471 CEO Jason Passwaters for an eye-opening conversation on how cybercrime has evolved into a professional, profit-driven ecosystem. From ransomware-as-a-service to agentic AI, this interview pulls back the curtain on the real-world intel enterprises need to defend against today’s most dangerous digital threats. Jason shares how threat actors are using business models that rival legitimate startups — complete with support teams and customer service — while enterprise security teams face shrinking budgets and expanding attack surfaces. This segment is sponsored by Intel471. Visit to learn more about them! CyberRisk TV sits down with HD Moore, CEO & Co-Founder of runZero, for a conversation on why vulnerability management is still failing enterprises — and what needs to change now. This interview dives deep into the real-world challenges facing security teams today: tool overload, missing assets, unauthenticated exposures, and the illusion of visibility. HD reveals how attackers are exploiting blind spots faster than defenders can react — and why unauthenticated discovery is the secret weapon defenders need. Try runZero free! Get started at Jackie McGuire sits down with Jawahar Sivasankaran, President at Cyware, for an unmissable deep dive into the future of Cyber Threat Intelligence (CTI), agentic AI, and open-source security innovation. With nearly three decades of experience spanning hands-on engineering, go-to-market leadership, and cutting-edge product strategy, Jawahar shares insider insights on how CTI is evolving from fragmented alerts to unified, automated threat intelligence platforms. To explore Cyware’s new Intelligence Suite, CTI automation capabilities, and open-source AI integration protocol, visit . Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/38105580

AI Trolley Problems, Rhode Island Drivers, and Kohlbergian Post Conventionalism - SWN #509 09/05/2025

Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890 09/04/2025

Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Haleliuk - BSW #411 09/03/2025

Rinoa Poison, Scambaiter Extraordinaire - Rinoa Poison - SWN #508 09/02/2025

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 09/02/2025

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346 In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it’s too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker’s dream. Blog: Survey Report: This segment is sponsored by Salt Security. Visit for a free API Attack Surface Assessment! At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk. What you'll learn in this interview: - Why AI coding tools are increasing code complexity and risk - The massive cost of unnecessary APIs in cloud environments - How to automate secure code without slowing down delivery - Why most CISOs fail to connect security to revenue (and how to fix it) - How Apiiro’s Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale This isn’t just another AI hype talk. It’s a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue. Apiiro AutoFix Agent. Built for Enterprise Security: Deep Dive Demo: This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at . Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Filmed live at the CyberRisk TV Studio in Las Vegas, this eye-opening conversation dives deep into: - How AI is being rapidly adopted across enterprises — with or without security buy-in - Why AI governance is no longer optional — and how to actually implement it - The truth about agentic AI, automation, and building trust in non-human identities - The role of frameworks like ISO 42001 in building AI transparency and assurance - Real-world examples of how teams are using LLMs in development, documentation & compliance Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don’t wait until it’s too late to understand the risks. The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: For more information about GitLab and their report, please visit: Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won’t save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you. This segment is sponsored by Zero Networks. Visit to learn more about them! Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/38023710

Dave Lewis talks M&A due diligence, TBD topic, the weekly news - Dave Lewis - ESW #422 09/01/2025

Astro Oblivion, FreePBX, GitHub, OWASP, Promptlock, Claude Aaran Leyland - SWN #507 08/29/2025

Hackers Steal Your Car and Vulnerabilities - Rob Allen - PSW #889 08/28/2025

vCISO Benefits as the CISO Becomes Strategic and the Board's Responsible for Security - Brian Haugli - BSW #410 08/27/2025

Naughty RBG, Docker, RDP, SBOMS, Kullback-Leibler, Oneflip, Youtube, Josh Marpet... - SWN #506 08/26/2025

Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345 08/26/2025

Oktane Preview with Harish Peri, Invisible Prompt Attacks, and the weekly news! - Harish Peri - ESW #421 08/25/2025

Oktane Preview with Harish Peri, Invisible Prompt Attacks, and the weekly news! - Harish Peri - ESW #421 Interview with Harish Peri from Okta Oktane Preview: building frameworks to secure our Agentic AI future Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective. How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year’s Oktane event, and we aim to kick off the conversations a little early - with this interview! Segment Resources: Check out securityweekly.com/oktane for all our live coverage during the event this year! More information about the event and how you can attend can be found here: Topic - Indirect Prompt Injection Getting Out of Hand Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen. Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled . Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling . Sourcegraph's Amp Code , which encodes instructions to make them invisible. What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done? News Finally, in the enterprise security news, Drones are coming for you… to help? One of the most powerful botnets ever goes down Phishing training is still pointless Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff vulns galore in commercial ZTNA apps GenAI projects are struggling to make it to production Adblockers could be made illegal - in Germany Windows is getting native Agentic support Automating bug discovery AND remediation? Public service announcement: time is running out for Windows 10 All that and more, on this episode of Enterprise Security Weekly. Visit for all the latest episodes! Show Notes: /episode/index/show/pauldotcom/id/37923865