Podcasts about OAuth

Open standard for authorization

  • 348 podcasts
  • 694 episodes
  • 42m average duration
  • 5 new episodes weekly
  • Latest: Jun 10, 2026




Latest podcast episodes about OAuth

Hybrid Identity Protection Podcast
Agentic AI and the Authorization Gap No One Closed with Geoffrey Mattson, CEO of SecureAuth


Jun 9, 2026 · 34:43


This episode features Geoffrey Mattson, CEO of SecureAuth, joined by co-host Sarah Cicchetti, Director of Product Management at Semperis.

Geoffrey has spent decades building and leading companies at the intersection of AI and cybersecurity, including MistNet.ai, an AI-native threat detection platform acquired by LogRhythm, and Xage Security, where he drove zero trust adoption across the U.S. military, global energy firms, and Fortune 500 enterprises. At SecureAuth, he leads a platform built around continuous, real-time identity authority across workforces, APIs, and AI agents.

In this episode, Geoffrey argues that agents combine the speed of automation with the unpredictability of humans, making real-time per-action authorization the only viable control model. He discusses why “friendly fire” from well-meaning employees is the biggest threat vector right now, how MCP vendors are ignoring their own OAuth spec, and what a practical agent rollout with real guardrails actually looks like.

This episode reframes authorization as the problem the identity industry has been deferring for years and can no longer avoid.

Guest Bio

Geoffrey Mattson is a serial entrepreneur and globally recognized cybersecurity and AI executive with decades of experience building market-defining companies and technologies that protect the world's most critical systems.

He is currently CEO of SecureAuth, a leader in AI-driven identity and access management with its Continuous Authority, ensuring ongoing verification across workforces, customers, APIs, and AI agents. This is enabled through its Private Authority Platform, which puts authentication and authorization under your control through any deployment model (cloud, on prem, hybrid, air-gapped).

Prior to SecureAuth, Mattson served as CEO of Xage Security, where he led the company in Zero Trust for critical environments from energy to agentic AI. Under his leadership, Xage achieved rapid adoption across the U.S. military, global energy firms, and Fortune 500 enterprises.

Previously, Geoffrey Mattson was co-founder and CEO of MistNet.ai, an AI-native threat detection platform acquired by LogRhythm. He pioneered decentralized analytics and machine learning approaches for real-time cyber defense, and later served as SVP of Product at LogRhythm, driving global expansion and shaping the next generation of SIEM/SOAR solutions.

Earlier, he held senior executive roles at Juniper Networks, overseeing a $2B product portfolio and leading major M&A efforts, and at Huawei Technologies as SVP and CTO for networking and data center platforms. His engineering leadership at Corona Networks, Caspian, and Bay Networks helped build foundational technologies in network and security architecture.

Guest Quote

“With agents, you have the power and the speed of an automated process with the unpredictability of a human. And in fact, we are seeing their behavior and their psychology makes them even perhaps less predictable than a human.”

Time stamps

01:45 Meet Geoffrey Mattson: Serial Entrepreneur and Cybersecurity Executive
02:40 Why Identity Is Having a Moment
08:40 Defining Agent Identity
12:15 Behavioral Guardrails for Agents
14:37 Agent Identity Lifecycle
17:36 Just-in-Time vs. Standing Privilege
18:02 C-Suite Pressure and Friendly Fires
21:00 When Agents Live Off the Land
26:12 MCP, OAuth, and Token Pitfalls
28:04 Threat Models and Rollout Strategy
30:13 LLMs and Policy Authoring
31:23 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Geoffrey on LinkedIn
Connect with Sarah on LinkedIn
Connect with Sean on LinkedIn

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans


Jun 5, 2026 · 6:12


Microsoft's Coreutils for Windows: https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
Firmware Update for Acer Connect W6x Router: https://community.acer.com/en/kb/articles/19672
OAuth marketplace apps keep access after publishers vanish: https://www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/
My Upcoming Classes: https://www.sans.org/profiles/dr-johannes-ullrich

CISSP Cyber Training Podcast - CISSP Training Program
CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes


Jun 4, 2026 · 24:26 · Transcription available


The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and ultimately an NPM token that could enable a supply chain attack.

From there, we zoom out to the bigger cloud security problem: non-human identities. Service accounts, API keys, and OAuth tokens multiply fast, and they are frequently overprivileged, poorly tracked, and left active long after an integration is retired. We also talk about why SaaS-to-SaaS connections are so hard to secure, and why agentic AI makes visibility even more urgent. If you do not know what systems are connected, what data crosses those links, and who owns the risk, you are effectively trusting an invisible tunnel into your environment.

To make this actionable, we lay out a four-phase third-party risk management (TPRM) framework you can apply immediately: build a vendor and integration inventory with tiering, run real due diligence (SOC 2 Type II, ISO 27001, data access scope, subprocessors and fourth parties), lock protections into contracts (DPA language, right to audit, breach notification expectations), then enforce ongoing monitoring and governance with quarterly token reviews, logging, and incident response playbooks. If you are studying for the CISSP, you will also see exactly how this maps to Domain 1, Domain 3, Domain 4, and Domain 5.

Subscribe for more practical CISSP training, share this with a teammate who owns vendor approvals, and leave a review so more security pros can find it. What is the one integration you would audit first?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Business of Tech
Vendor Outcomes, Warranties, and the Shift from Risk Manager to Delivery Arm for MSPs


Jun 3, 2026 · 13:03


Outcome-based managed security and attached vendor warranties are driving a new form of coverage-based vendor lock-in for MSPs and IT service providers. Vendors such as Intezer and SPECTRA are introducing performance guarantees, SLAs, and cyber resilience warranties that require MSPs to fully standardize on their architectures. This evolving model shifts accountability for enforcement and risk management from the individual MSP to the vendor's operating model, thereby altering the independent role of the MSP within client environments. A notable example is Intezer's Amplify Partner program, which asserts that its platform can process 100% of security alerts while escalating fewer than 2% for human review—claims the company frames as outcomes rather than product specifications. SPECTRA's use of certification-linked warranties, distributed via Ingram Micro, establishes channel-distributable assurance products with explicit conditions attached at every level. According to a Check Point report, while 77% of organizations report having adopted AI for cloud security, only 26% feel capable of enforcing those strategies, revealing a gap between security intent and operational ability.

This structural shift is further illustrated by Merlin Cyber's FedRAMP managed service offering, Lumen's MDR enhancements targeting mid-market MSPs, and Trustlogix's addition of intent-based authorization controls. The FBI's announcement regarding Microsoft 365 OAuth token hijacking and recent vulnerabilities in widely used platforms like ConnectWise Automate underscore the real-world risks of automation platforms being targeted. These developments collectively point to growing operational complexity, rising compliance burdens, and the need for MSPs to separate their commitments from upstream vendor claims.

For operators, the trend demands increased scrutiny of warranty terms, claim denial conditions, and SLA language before making any client-facing assurances. MSPs risk absorbing liability if they repeat vendor marketing claims without contractual clarity or operational control. Effective governance now requires independently produced, audit-ready evidence that documents compliance and enforcement separate from vendor portals. As assurance sales proliferate, the operational gap between acting as an underwriter versus a reseller will drive market differentiation, affecting both pricing structures and eligibility for vendor-backed coverage.

00:00 Channel-Ready Security
03:41 Policy vs. Reality
05:59 MFA Isn't Enough
09:12 Why Do We Care?

Supported by: ScalePad, Moovila

alphalist.CTO Podcast - For CTOs and Technical Leaders
#138 From Hacker News to W3C: How One Amazon Engineer Accidentally Shaped the Future of AI Browsers // Alex Nahas, MCP-B


May 21, 2026 · 41:12


Alex Nahas is 28 years old and has already initiated a W3C web standard. Working as a backend engineer at Amazon, he ran into a problem most enterprises face: MCP requires OAuth, but most enterprise infrastructure runs on SAML. His solution was elegant: run the MCP server in client-side JavaScript, letting AI agents use the browser's existing authentication context rather than rebuilding auth from scratch. What started as an internal tool became an open source project, then a viral Hacker News post published while under anesthesia, and ultimately an invitation from Google and Microsoft to help shape WebMCP as an official web standard. In this episode, Alex and Tobi explore what WebMCP actually is, why the browser is the most underestimated sandbox in AI development, and what the agentic web might look like two years from now.

Topics covered:

  • What MCP actually is and why it's just an RPC framework at its core
  • Why OAuth is a dealbreaker for most enterprise infrastructure
  • How WebMCP lets AI agents operate within existing browser authentication
  • The Hacker News post that started it all, and why Alex doesn't remember posting it
  • How Chrome is natively building WebMCP support
  • The chicken-and-egg problem of standard adoption
  • Real-time bidding for agents and what it means for digital advertising
  • Why agents don't need their own identity
  • Where the agentic web is headed in the next two years

Identity At The Center
#422 - Decoded - Securing AI Agents with Standards You Already Have


May 15, 2026 · 78:17


Episode 422 is the debut of Decoded by Identity at the Center, a new sub-series hosted by Jeff Steadman and Sean O'Dell dedicated to unpacking the specifications and standards powering IAM. Joining them is Pieter Kasselman, VP of Open Standards at Defakto and chair of the WIMSE working group. The conversation covers why traditional non-human identity approaches break at agentic scale, how SPIFFE and SPIRE enable short-lived automated credential provisioning without long-lived secrets, and why treating agents as workloads unlocks a decade of existing standards. Pieter walks through critical OAuth specs including JWT authorization grant, token exchange, client ID metadata, and the emerging transaction tokens draft. Sean connects these to practical gateway architecture, continuous access evaluation, and policy-based authorization. The episode closes with real-world deployment examples and a clear takeaway: the tools to secure agentic identity are available today.

Episode Links:

Pieter Kasselman: https://www.linkedin.com/in/pieter-kasselman-0259862/
AI Agent Authentication and Authorization: https://datatracker.ietf.org/doc/draft-klrc-aiagent-auth/
Workload Identity in Multi-system environments (WIMSE): https://ietf-wg-wimse.github.io/
OAuth SPIFFE Client Authentication: https://datatracker.ietf.org/doc/draft-ietf-oauth-spiffe-client-auth/
Transaction Tokens: https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/08/
Agentic Identity Control Framework. You Already Have the Pieces. Now Build It. by Sean O'Dell: https://www.linkedin.com/pulse/agentic-identity-control-framework-you-already-have-pieces-o-dell-61b5e/

Timestamps:

00:00 Introduction to Decoded by Identity at the Center
00:13 The mission of the Decoded sub-series
03:02 Guest intro: Pieter Kasselman, VP of Open Standards at Defakto
06:21 Why agentic identity is urgent: scale, multi-platform, and shifting threat landscape
10:42 The real cost of API keys and credential sprawl in agentic systems
13:23 Agentic identity identifiers and how SPIFFE assigns unique workload IDs
21:00 Credential types: X.509, JWTs, and workload identity tokens
31:00 Connecting SPIFFE to OAuth and dynamic registration with client ID metadata
38:18 SPIFFE SVIDs, multiple credentials per agent, and governance traceability
41:44 Authentication versus authorization: delegation versus impersonation
47:00 Transaction tokens: binding access to specific transactions to stop token theft
51:21 Identity chaining and cross-domain authorization
55:00 Shared Signals Framework and dynamic authorization
57:00 Gateways, CAEP, and mid-flight token revocation for rogue agents
59:31 What you can deploy today with SPIFFE, OAuth, and existing IDPs
01:02:58 Policy-based access control and why instance-level governance cannot scale
01:04:58 Workload identity federation: Anthropic and Google Agent ID updates
01:07:13 Cross-platform federation and the law of agentic utility
01:11:55 Elevator pitch: agents are workloads and 95% of the problem is solved now
01:17:03 What is coming next: a transaction tokens deep dive

Keywords: agentic identity, SPIFFE, SPIRE, OAuth, transaction tokens, Shared Signals Framework, WIMSE, workload identity, non-human identity, authorization delegation, JWT, CAEP, API gateway, IAM standards, AIMS, Jeff Steadman, Sean O'Dell, Pieter Kasselman, IDAC, Identity at the Center, Jim McDonald, Decoded by Identity at the Center

Decoded by Identity at the Center:

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Sean O'Dell: https://www.linkedin.com/in/seanodentity/
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Visit the show on the web at https://idacdecoded.com/

Resilient Cyber
Identity as Infrastructure in the Agentic Era


May 13, 2026 · 33:30


In this episode of Resilient Cyber, I sat down with Karl McGuinness — author of Control Plane and one of the sharpest voices working on identity in the agentic era — to unpack what most of the industry is still getting wrong about IAM for AI agents.

Karl's thesis is a provocation: we spent two decades optimizing authentication and authorization, and we built that stack for human-paced execution. Agents remove the presence, pacing, and natural scope-limiting that made those controls work — and no amount of stronger credentials, tighter scopes, or faster JIT provisioning closes the structural gap. The real frontier isn't AuthN or AuthZ. It's delegation: how approved intent becomes bounded authority that stays governed across delegation chains, unfamiliar tools, consent expansion, revocation, and task termination.

Chris and Karl dig into:

↳ Why the industry optimized for the wrong question, and what changes when agents enter the loop
↳ The Execution Mandate — agents don't need your passport, they need your authority
↳ Why governing the stay matters more than governing the entry, and what continuous evaluation of authority looks like in practice
↳ Mission-Bound OAuth, including Karl's own pessimistic case against it
↳ AAuth vs. OAuth as the substrate for agentic identity, and what signal will tell us which one wins
↳ Why Mission Shaping is necessary but not sufficient when quiet expansion, headless execution, and stale state are in play
↳ Open-world OAuth, MCP, and first-contact trust — what the newer standards solve and the substrate gaps no draft is closing
↳ ID-JAG and Cross-App Access (XAA): why enterprise SaaS needs to abandon app-by-app OAuth islands
↳ The widening gap between IETF drafts and the "agentic IAM" being sold at RSA, and the minimum viable posture for teams running agents in production today

Whether you're a CISO, an identity architect, or a security leader trying to separate vendor narrative from substrate reality, this is a clear-eyed map of where agentic IAM actually is and where it has to go.

Cloud Security Today
Identity for AI agents


May 10, 2026 · 45:37


AI agents are moving from answering questions to taking action. That changes everything for identity and access management.

In this episode, Ken Huang joins Matt to break down why traditional IAM was not built for agentic AI, where service accounts and OAuth scopes fall short, and what CISOs should do now to govern agents before they hit production at scale.

Episode Links

Ken's substack
Ken's paper from 2011 on AI (he was way ahead!)
NIST AI RMF

North Meets South Web Podcast
Unused APIs, Passport testing traps, and local AI bottlenecks


May 7, 2026 · 36:17


In this episode, Michael shares details from a major internal platform shift at work, including the decision to completely remove an underused public JSON API and rebuild integrations around real customer needs instead of hypothetical use cases. The conversation dives deep into Laravel Passport, Sanctum, OAuth flows, request authorisation, and some tricky edge cases around testing authenticated APIs.

Jake then broadens the conversation into AI infrastructure, local model hosting, security implications of autonomous AI systems, NVIDIA hardware demand, and the future potential of photonic processors as a solution to the growing power and cooling bottlenecks facing AI workloads.

Show links

Laravel Passport
Laravel Sanctum
Laravel Passport actingAs testing helpers
PHP enums
PHPStan
Larastan
Zapier
Claude
NVIDIA DGX systems
Photonic processors

Business of Tech
Shadow AI Shifts MSP Role: From AI Access to Proving Control and Recovery


May 6, 2026 · 12:51


The episode identifies a structural shift in how AI adoption is being managed within IT environments: control and accountability are now central concerns, overtaking simple discussions of AI usage or feature deployment. Shadow AI—unmanaged or improperly governed AI agents—has emerged as a tangible risk vector. Government entities, such as the White House, and technology vendors including Microsoft, Cisco, and OpenAI are framing AI not only as a productivity tool but increasingly as a source of operational and security liabilities that demand more robust oversight. A key example comes from an incident reported by TechRepublic in which an AI agent within a coding workflow deleted both a production database and its backups, resulting in a prolonged, business-impacting recovery from a three-month-old backup. In parallel, The Hacker News highlighted findings from scans of one million exposed AI services, characterizing the market's current AI security posture as lacking, with many endpoints widely reachable unintentionally. Microsoft's public transition of Agent365 from preview to release was directly tied to fears over the risks associated with shadow AI, indicating industry recognition of autonomous agents as a new attack surface requiring governance.

Supporting developments further validate this trend. Cisco's open sourcing of AI Bill of Materials (BOMs) tools, Wiz's tracking of non-human identities tied to AI workloads, and OpenAI's rollout of advanced account security all signal a growing industry emphasis on making AI deployments auditable and restrictable. Practices such as phishing-resistant authentication—driven by token theft campaigns analyzed by Microsoft—and continuous permission monitoring, as advocated by Material Security, are now increasingly viewed as necessary safeguards rather than optional enhancements. Providers like Enforcer and products such as Copilot Manager are explicitly focused on surfacing shadow AI usage and enforcing credential discipline, underlining the growing demand for proof-of-controls.

MSPs and IT service providers now face greater operational complexity and contract risk tied to AI automation. Client expectations are shifting from baseline AI access to demonstrable governance—requiring non-human identity inventories, documented permission boundaries, and validated recovery frameworks for AI-powered workflows. Token harvesting and persistent OAuth grants increase the likelihood that MSPs will be held responsible not just for prevention, but for rapid containment, rollback, and producing evidence during security incidents. Failure to meet tightened SLAs around backup immutability, authentication protections, and agent visibility could soon become a material contract exposure.

00:00 Agents Gone Rogue
03:50 Govern the Agent
06:24 MSP at Risk
09:54 Why Do We Care?

Supported by: CometBackup, ScalePad

Upcoming event: The Pivotal Point of IT: Building Services for the AI-First Era. Date: May 13 at 1 p.m. EDT. Register: https://go.acronis.com/davesobelaiera

ChannelBuzz.ca
The Buzz: ServiceNow bets on partners to close the gap between AI ambition and AI reality


May 5, 2026 · 4:57


Today’s headline news for Canadian IT solution providers: ServiceNow’s partner momentum is real – and the model is changing. Opening the Partner Day Keynote at Knowledge 2026 in Las Vegas Monday, SVP of Global Partnerships and Channels Michael Park led with a pointed Q1 headline: partner-sourced net new ACV doubled year-over-year, and partners delivered more than 50 per cent of Moveworks‘ net new business in the first 90 days following ServiceNow’s acquisition. The numbers put muscle behind a message the company is driving hard: this is a partner-led growth engine, not a direct play. The company rolled out two new tools to cement that model – a Partner Business Value Composer designed to help partners establish AI value baselines with customers, and a new Outcome Led Services methodology designed to move partners away from traditional time-and-materials billing toward monetizing business outcomes. As Constellation Research founder Ray Wang put it on stage: “The companies that will win are not the partners who try to rebuild the engine – they use the engines available to build the new car that doesn’t exist.”

Three questions are opening every enterprise AI conversation – and governance is the one that’s sticking. Chief Customer Officer Chris Bedi laid out the framework partners should be using: How do I make AI real? How do I get to value faster? How do I govern AI everywhere? The governance question is emerging as the highest-urgency entry point – every enterprise is grappling with it whether or not they’ve articulated it. ServiceNow is positioning AI governance as the non-negotiable building block of any enterprise AI deployment, and is expected to announce a formal 100-day AI value guarantee at today’s Knowledge mainstage keynote – an offer partners will be able to use as a standardized starting point for customer engagements. The customer conversation is also shifting: “Pacesetters” that Bedi tracks as AI leaders are demonstrating 160 per cent ROI, and the story is no longer about cost reduction. Top-line revenue growth is what’s getting approvals right now.

Nine in ten ServiceNow implementations go through partners – and the company is investing in that reality. Chief Learning Officer Jayney Howson put a sharp point on the session with a single stat: 90 per cent of all ServiceNow implementations are delivered by a partner. She framed the implication plainly: “You’re the last mile between buying an AI dream and seeing an AI reality.” In response, ServiceNow is making a significant investment in partner enablement – AI-assisted learning tools, a new simulated training environment, and a commitment to dramatically compress implementation training time from weeks to hours. The platform has approximately two million certified learners today, with a target of three million by end of next year. For Canadian partners evaluating where to deepen their ServiceNow practice, the message was hard to miss: the enablement infrastructure is being built, and the company is betting its partners are the ones who make the AI era real for enterprise customers.

Also in brief:

Nerdio launches Manager for MSP 7.0 as Microsoft cloud growth surges. The multi-tenant Microsoft management platform announced today that MSP ARR grew 51.8 per cent in 2025, with Microsoft 365 users inside the platform up more than 300 per cent year-over-year as MSPs expand their Microsoft practices beyond virtual desktop. Version 7.0 – in public preview as of today – adds four notable capabilities: a Prospect Tenant Assessment Wizard that scans a prospect’s Microsoft 365 environment and generates a client-ready security and efficiency gap report; native PSA integrations with Datto Autotask, ConnectWise, and Halo; Microsoft Purview compliance baselines; and a white-label reporting engine across Azure Virtual Desktop, Microsoft 365, and Azure. For MSPs trying to manage the whole Microsoft stack across dozens of tenants from a single pane of glass – and increasingly looking for tools that help them sell, not just manage – 7.0 has some practical additions worth a look.

Anthropic takes a swing at the consulting industry. The company behind Claude announced today a $1.5 billion joint venture with Goldman Sachs, Blackstone, and Hellman & Friedman – not to license Claude, but to embed it inside enterprise workflows as a service. The model is being read as a direct shot at traditional consulting firms, and a clear signal about where AI services margin is flowing. For channel partners building AI practices, the venture is worth watching: Anthropic is structuring this as outcome-based deployment, backed by institutional capital that can go places traditional IT channel distribution cannot.

ThreatDown makes a major channel pivot. The Malwarebytes spinoff announced last week that it has rebuilt its entire go-to-market model around a channel-first strategy – growing distribution from one per cent to 40 per cent of its business. The company is launching a new Nexus Partner Program with deal protection and margin incentives specifically designed for MSPs. For a cybersecurity brand that has been largely direct-led, this is a significant reversal and puts ThreatDown in direct competition for MSP mindshare with established channel-first security vendors.

Cisco is acquiring Astrix Security for $350 million. The Israeli startup specializes in non-human identity security – securing the API connections, OAuth tokens, service accounts, and AI agent identities that are multiplying fast as agentic deployments scale. It’s a logical buy for Cisco as the attack surface around AI agents becomes one of the harder problems in enterprise security.

Segurança Legal
#416 – Knowing without knowing (Saber sem conhecer)


Apr 30, 2026 · 43:03


In this episode we discuss the challenges and technical solutions for age verification on the internet, a topic that has gained strong prominence with the new rules of the ECA Digital. You will discover how zero-knowledge protocols (ZKP) work and how they make it possible to prove that a user is of legal age without exposing sensitive personal data. You will understand the difference between invasive tools, such as facial biometrics, and technical methods that respect privacy and data protection, using applied cryptography and international information security standards. In addition, you will learn about the practical impact of the ANPD's regulation on access control for restricted content and how to avoid excessive tracking by large technology companies. The debate also covers social engineering tactics, highlighting an educational series on phishing based on the psychology of fraud, essential knowledge for avoiding online scams and data leaks. Throughout the discussion, you will see that it is possible to balance protection in the digital environment with the guarantee of privacy, without adopting mass-surveillance models during system authentication.

To avoid missing any discussion about technology, law and society, subscribe to the podcast on your favorite audio platform and follow our profiles on YouTube, Mastodon, Blue Sky, Instagram and TikTok. Take the opportunity to rate the show and share the content with other people interested in the subject. You can also support the project through the crowdfunding platform mentioned in the audio or by sending your questions and suggestions directly to our official e-mail. This description was produced from the podcast audio with the use of AI, with human review.

Visit our crowdfunding campaign and support us!

Check out the BrownPipe Consultoria blog and subscribe to our mailing list.

Show notes

The Psychology of Fraud, Persuasion and Scam Techniques
Lei nº 15.211, de 17 de setembro de 2025 (Law No. 15,211 of 17 September 2025): provides for the protection of children and adolescents in digital environments (Digital Statute of the Child and Adolescent)
Decreto nº 12.880, de 18 de março de 2026 (Decree No. 12,880 of 18 March 2026): regulates Law No. 15,211 of 17 September 2025, which provides for the protection of children and adolescents in digital environments, and establishes the National Policy for the Promotion and Protection of the Rights of the Child and Adolescent in the Digital Environment
Mecanismos confiáveis de aferição de idade – Orientações preliminares (Reliable age verification mechanisms: preliminary guidance)
Radar tecnológico – Mecanismos de aferição de idade (Technology radar: age verification mechanisms)

Where It Happens
How to win with AI Agents in 2026


Apr 29, 2026 · 86:54


Limited BONUS: First 1,000 builders get $1,000. Claim yours while supplies last: https://startup-ideas-pod.link/hyperagent

I sit down with Howie Liu, co-founder and CEO of Airtable, to talk about the agent economy and the launch of HyperAgent. We walk through Sequoia's charts on AI agent deployment, the economics of token-based work versus human labor, and why frontier agents have crossed a threshold that changes how companies get built. Howie then does a live show-and-tell of HyperAgent, including a custom "Greg Isenberg contrarian AI" skill he spins up in real time. This one is for anyone building a solopreneur business, operating a fleet of agents, or trying to figure out where to place their bet in the agent ecosystem.

Timestamps
00:00 – Intro
02:22 – Sequoia's AI agent deployment chart reaction
04:41 – Copilot vs Autopilot territory and the $1T+ opportunity
08:13 – Agent economics vs human labor costs
11:12 – Fastest enterprise adoption curve in history
14:48 – The agent command center and fleet of 20 agents
18:03 – What is HyperAgent?
19:43 – Live demo: hyperlocal real estate market reports
22:38 – HyperAgent as the founder, not just the developer
23:21 – Street View, Zillow redesigns, and visual tool power
24:15 – Command center view across a fleet of agents
25:48 – Skills as the key primitive for frontier agents
26:30 – Building the Greg Isenberg contrarian AI skill live
32:31 – HyperAgent vs Perplexity Computer, Manus, OpenClaw, Codex
34:52 – Reviewing writing skill
36:55 – The arbitrage of persistence
41:31 – Confidence milestones: first dollar, $10K/month
35:27 – Reviewing contrarian tweet drafts live
45:05 – Giving the agent feedback and building rubrics
50:15 – Connectors, OAuth, and building custom API skills
53:03 – How to get started with HyperAgent
01:01:54 – Credit giveaway for listeners
01:03:31 – Closing Thoughts

Key Points
Frontier agents have crossed a threshold in the last 4–5 months where they function as true autonomous coworkers, not just chat assistants.
Reframe agent cost by value delivered: a $150 token spend for a board memo beats hours of human time, so anchor on opportunity cost.
The real arbitrage is persistence: 99% of people quit after one shot, while daily practice for 30/60/90 days produces top 1% operators.
Skills are the most important primitive in frontier agents, turning generally intelligent models into domain experts through playbooks.
HyperAgent's differentiation is a low floor plus a high ceiling, with rubrics, LLM-as-judge evals, and fleet-wide observability for scaling.
Aim for $100B companies with under 5 employees, built on fleets of always-on agents mapped to human job roles.

The #1 tool to find startup ideas/trends - https://www.ideabrowser.com
LCA helps Fortune 500s and fast-growing startups build their future - from Warner Music to Fortnite to Dropbox. We turn 'what if' into reality with AI, apps, and next-gen products https://latecheckout.agency/
The Vibe Marketer - Resources for people into vibe marketing/marketing with AI: https://www.thevibemarketer.com/

FIND ME ON SOCIAL
X/Twitter: https://twitter.com/gregisenberg
Instagram: https://instagram.com/gregisenberg/
LinkedIn: https://www.linkedin.com/in/gisenberg/

FIND HOWIE ON SOCIAL
X/Twitter: https://x.com/howietl
Hyperagent: https://www.hyperagent.com
Airtable: https://www.airtable.com

Ravi Sagar
Atlassian Updates - OAuth 2.0 for Trello, AI-Assisted Playbook, Easy SLA Notification creation

Ravi Sagar

Apr 27, 2026 · 13:25


Time to go through some of the updates from the Atlassian ecosystem. #OAuth2.0 #Trello #AIAssisted #Playbook #SLANotifications https://www.ravisagar.in/videos/atlassian-updates-oauth-20-trello-ai-assisted-playbook-easy-sla-notification-creation

Cyber Security Today
Inside The Vercel Supply Chain Exploit

Cyber Security Today

Apr 24, 2026 · 17:39


Inside the Vercel Breach: Highlighting OAuth Token Risk

In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all"; Vercel is working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Special Edition Intro
00:14 Sponsor Message Meter
00:33 Supply Chain Hack Setup
01:16 Breach Seen In Wild
02:36 Meet Jamie Blasco
02:56 Who Is Vercel
04:34 How The Breach Happened
05:58 Context AI And Shadow IT
07:58 OAuth Controls And Audits
09:11 Impact And Open Questions
11:24 Why MFA Falls Short
12:22 Where To Get Help
14:07 Host Takeaways OAuth Risk
14:53 What To Do Next
16:06 Wrap Up And Feedback
16:42 Sponsor Close Meter
17:24 Final Sign Off

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, April 22nd, 2026: WAV Malware; GitHub OAUTH Phishing; Perforce Settings

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Apr 22, 2026 · 7:13


A .WAV With A Payload https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910
The Phishy GitHub Issue Case https://blog.atsika.ninja/posts/the-phishy-github-issue-case/
P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet https://morganrobertson.net/p4wned/

Cables2Clouds
Can You Fly With Glass Wings? - Monthly News Update (with a Surprise)

Cables2Clouds

Apr 22, 2026 · 42:46


“Too dangerous to release” is a bold claim in cybersecurity, so we treat it like any other security headline: we interrogate it. We kick off our monthly news round-up by welcoming Catherine McNamara as a permanent co-host, then dig into Anthropic's Mythos preview model and Project Glasswing, positioned as an AI security and threat intelligence leap that can allegedly find zero-day vulnerabilities at a level the public shouldn't have yet. We ask the uncomfortable questions: where's the independent evidence, what does high-fidelity vulnerability discovery actually look like, and how do we avoid drowning in AI-generated noise?

From there, the discussion gets messier in the way real security always is. We talk about tokens, paid code security reviews, and how incentives change when AI companies chase growth, IPO pressure, and government contracts. We also unpack why “ethical” restrictions are hard to enforce in practice and how rumors of source code leaks and fast rewrites complicate any promise of controlled access. If powerful agencies can use AI to speed up exploit discovery, even lower-severity bugs can become dangerous when chained into real attacks.

Then we pivot to a concrete lesson every org can use: the Vercel breach. A supply chain compromise plus a single OAuth “Allow All” moment shows how identity and SaaS permissions failures can open the door to data exfiltration. We break down least privilege, blocking risky OAuth grants, shadow SaaS, and why a CASB can be the difference between a contained incident and a headline.

We close by connecting AI layoffs to social and economic pressure, including CEO security fears, surprising UBI rhetoric, and Oracle laying off 30,000 people by email. If you care about AI, cloud security, appsec, and what these incentives are doing to the world, this one's for you.

Subscribe, share the episode with a friend, and leave a review with your take: is the AI security boom helping defenders more than attackers?

Purchase Chris and Tim's book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Monthly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj

Hacker News Recap
April 21st, 2026 | Framework Laptop 13 Pro

Hacker News Recap

Apr 22, 2026 · 15:31


This is a recap of the top 10 posts on Hacker News on April 21, 2026. This podcast was generated by wondercraft.ai

(00:30): Framework Laptop 13 Pro
Original post: https://news.ycombinator.com/item?id=47852177&utm_source=wondercraft_ai
(01:58): Laws of Software Engineering
Original post: https://news.ycombinator.com/item?id=47847179&utm_source=wondercraft_ai
(03:27): ChatGPT Images 2.0
Original post: https://news.ycombinator.com/item?id=47852835&utm_source=wondercraft_ai
(04:55): Anthropic says OpenClaw-style Claude CLI usage is allowed again
Original post: https://news.ycombinator.com/item?id=47844269&utm_source=wondercraft_ai
(06:24): Claude Code to be removed from Anthropic's Pro plan?
Original post: https://news.ycombinator.com/item?id=47854477&utm_source=wondercraft_ai
(07:53): SpaceX says it has agreement to acquire Cursor for $60B
Original post: https://news.ycombinator.com/item?id=47855293&utm_source=wondercraft_ai
(09:21): Meta to start capturing employee mouse movements, keystrokes for AI training
Original post: https://news.ycombinator.com/item?id=47851948&utm_source=wondercraft_ai
(10:50): Tim Cook's Impeccable Timing
Original post: https://news.ycombinator.com/item?id=47847324&utm_source=wondercraft_ai
(12:19): The Vercel breach: OAuth attack exposes risk in platform environment variables
Original post: https://news.ycombinator.com/item?id=47851634&utm_source=wondercraft_ai
(13:47): A Roblox cheat and one AI tool brought down Vercel's platform
Original post: https://news.ycombinator.com/item?id=47844431&utm_source=wondercraft_ai

This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Leveraging AI
286 | How to Automate Anything with Browser Agents & Zero Code with Chris Daigle

Leveraging AI

Apr 21, 2026 · 37:15


You learned how to prompt. Great. Now what?

Most business leaders have figured out how to get decent answers from ChatGPT or Claude. But there's a massive gap between writing good prompts and actually building things that run your business. The people closing that gap right now aren't developers. They're business people who figured out one thing: you don't need to code when your browser can do it for you.

In this session, Chris Daigle will open his actual setup — Claude Code paired with a browser agent — and build real solutions live. Not slides. Not theory. You'll watch him set up OAuth integrations, automate LinkedIn workflows, and tackle the kind of backend tasks that normally require a developer. All through a browser. All without writing a single line of code manually.

Chris calls this evolution "thinking in builds" — the next level beyond prompting. It's where you stop asking AI for answers and start asking it to do the work. And the tools to do it are shockingly accessible: a free browser agent and a $20 Claude subscription.

Chris Daigle is the founder of ChiefAIOfficer.com, where he helps mid-market executives and their teams develop AI strategy, implement AI across departments, and become AI-enabled businesses. He trains Chief AI Officers, keynotes at YPO and Vistage events, and has been deep in the agentic AI space since its earliest days. Chris brings the rare combination of strategic thinking and hands-on building.

In this session, you'll discover:
- How to pair Claude Code with a browser agent like Comet to build real workflows — step by step
- What "thinking in builds" means and why it's the skill that separates AI users from AI builders
- How to automate OAuth setups, API integrations, and other backend tasks without touching code
- Real examples of browser agent workflows you can copy and use immediately
- Why even seasoned AI professionals are underestimating what browser agents can do right now
- How to safely sandbox your AI agents so they don't destroy your production environment
- The exact copy-paste workflow Chris uses to go from idea to working solution in minutes

This is the session where prompting graduates to building. If you've been watching everyone talk about agents but haven't actually deployed one yourself, this is your starting point.

About Leveraging AI
The Ultimate AI Course for Business People: https://multiplai.ai/ai-course/
YouTube Full Episodes: https://www.youtube.com/@Multiplai_AI/
Connect with Isar Meitis: https://www.linkedin.com/in/isarmeitis/
Join our Live Sessions, AI Hangouts and newsletter: https://services.multiplai.ai/events

If you've enjoyed or benefited from some of the insights of this episode, leave us a five-star review on your favorite podcast platform, and let us know what you learned, found helpful, or liked most about this show!

Absolute AppSec
Episode 319 - Vercel Breach, Security vs. Compliance, Pull Request Flows w/ AI Agents

Absolute AppSec

Apr 21, 2026


Episode 319 covers a range of industry developments, primarily focusing on the recent Vercel security incident and the evolving landscape of AI-driven compliance. The hosts detail how a Vercel employee's use of a consumer-level Context AI plan led to a workspace compromise via a leaked OAuth token, eventually allowing attackers to access sensitive environment variables. This leads to a critical discussion about the SOC 2 provider Delve, with the hosts addressing allegations regarding "fake" compliance automation and the general limitations of auditing frameworks that do not inherently equate to true security. This episode also explores the future of the Pull Request (PR) flow, debating whether traditional human-led code reviews are "dead" due to the massive volume of code generated by AI agents. While they acknowledge that startups are moving toward autonomous commits, Seth argues that the PR concept is evolving into a system of agentic attestation and guardrails rather than disappearing entirely. The episode concludes with community survey results on this shift and a reminder about the hosts' upcoming training sessions in Singapore.

Cyberhelden
Cyberhelden 71 - A Russian or an American in your router. Which would you rather have?

Cyberhelden

Apr 21, 2026 · 40:40


Two big stories, one common thread: the infrastructure you use every day is turned against you, by states and by commercial parties that sell to states.

Part 1 – APT28 FrostArmada: The FBI dismantles a Russian GRU operation (Operation Masquerade) in which 18,000 SOHO routers in 120 countries (MikroTik and TP-Link) were taken over without any malware. DNS settings were changed, and Microsoft 365 OAuth tokens were stolen through an adversary-in-the-middle attack. Court-authorized reset by the FBI. Historical parallel: MIVD/Cyclops Blink 2022 on Dutch routers.

Part 2 – Webloc/Penlink: Citizen Lab exposes how the Israeli company Penlink uses advertising data from 500 million mobile devices to sell real-time location, Wi-Fi networks, app inventories and behavioural profiles to ICE, the NYPD, the US military and others, without any judicial review. Including an explanation of the RTB bidstream and SDK sourcing.

News: the Cybersecurity Act passed by the Tweede Kamer, the Ministry of the Interior's privacy adviser on the Solvinity/Kyndryl/DigiD takeover, prompt injection via GitHub comments in AI coding agents.

SOURCES

Part 1, APT28 FrostArmada
> KrebsOnSecurity, “Russia hacked routers to steal Microsoft Office tokens” (7 April 2026): https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
> FBI/DOJ press release (7 April 2026): https://www.ic3.gov/PSA/2026/PSA260407
> Lumen Black Lotus Labs, technical report on FrostArmada: [URL to be checked]
Context: earlier APT28 router campaigns (VPNFilter 2018, Cyclops Blink 2022, Jaguar Tooth 2023)
Volkskrant / Huib Modderkolk, “MIVD verstoort Russische digitale aanval op routers van Nederlandse burgers” (3 March 2022): Dutch historical precedent; Sandworm/Unit 74455 used Cyclops Blink on dozens of Dutch routers, and the MIVD went public with it through its director Jan Swillens

Part 2, Webloc / Penlink
> Citizen Lab, “Analysis of Penlink's ad-based geolocation surveillance tech” (11 April 2026): https://citizenlab.ca/research/analysis-of-penlinks-ad-based-geolocation-surveillance-tech/
> Context: Carpenter v. United States (2018), SCOTUS ruling on location data and the Fourth Amendment
> Context: earlier Locate X / Venntel revelations (Vice/Motherboard 2020-2022)

News
> Cybersecurity Act: https://www.rijksoverheid.nl/actueel/nieuws/2026/04/15/tweede-kamer-stemt-in-met-wetsvoorstellen-cyberbeveiligingswet-en-wet-weerbaarheid-kritieke-entiteiten
> Volkskrant, "Privacy-adviseur Binnenlandse Zaken: overname van DigiD bedreigt veiligheid van Nederland" (16 April 2026): https://www.volkskrant.nl/tech/privacy-adviseur-binnenlandse-zaken-overname-van-digid-bedreigt-veiligheid-van-nederland~b6be96c0
> Aonan Guan, "Command and Control: ..." (15 April 2026): https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/

Techmeme Ride Home
Robots Winning The (Literal) Race

Techmeme Ride Home

Apr 20, 2026 · 21:42


Vercel confirmed a breach traced to an AI platform's compromised OAuth app. The NSA is using Anthropic's Mythos despite the Pentagon blacklist. Mac Minis face 12-week wait times from AI agent demand, and humanoid robots crushed the Beijing half-marathon.

Vercel says its internal systems were accessed after a Vercel employee's Google Workspace account was compromised via a breach at the AI platform Context.ai (BleepingComputer)
Sources: the US NSA is using Mythos Preview; one source says Mythos is also being widely used within the DoD, despite Anthropic's supply chain risk designation (Axios)
Adobe introduces CX Enterprise, an AI agent-based platform that aims to help corporate customers automate digital marketing and other functions (WSJ)
Some Mac Mini and Mac Studio models are unavailable or facing up to 12-week wait times in the US, with analysts citing strong demand from AI agent power users (WSJ)
Deezer says AI-generated tracks now account for 44% of daily uploads, totaling ~75K tracks per day and 2M+ per month, but account for just 1-3% of consumption (TechCrunch)
Sources: Recursive Superintelligence, a four-month-old start-up developing self-teaching AI and founded by ex-DeepMind and OpenAI engineers, has raised $500M+ (FT)
At the Beijing half-marathon, several humanoid robots beat human winners by 10+ minutes; a robot made by Honor beat the human world record held by Jacob Kiplimo (Reuters)

Disclaimer:
● Initial 3 week subscription and 4 weeks of medication from $79 plus tax and $179 per month plus tax for 12 week subscription thereafter. Final pricing depends on program selection.
● Noom GLP-1Rx Program involves healthy diet, exercise and support. Individual results vary. Meds & personalization based on clinical need. Not reviewed by FDA for safety, efficacy, or quality. No affiliation with Novo Nordisk Inc., the only US source of FDA-approved semaglutide. Not available in all 50 US states
● Based on an analysis of self reported data from 1,254 engaged Noom users.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical Thinking - Bug Bounty Podcast
Episode 169: Attacking OAuth 2.1

Critical Thinking - Bug Bounty Podcast

Apr 9, 2026 · 30:16


Episode 169: In this episode of Critical Thinking - Bug Bounty Podcast gr3pme goes over some of the changes from OAuth 2.0 vs 2.1 and how hackers can capitalize.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
https://x.com/Rhynorater
https://x.com/rez0__
https://x.com/gr3pme
Critical Research Lab: https://lab.ctbb.show/

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!

====== This Week in Bug Bounty ======
Intigriti is providing free Burp Pro for Hackers!
https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence

====== Resources ======
Django-allauth Account Takeover (ZeroPath Audit)
https://zeropath.com/blog/django-allauth-account-takeover-vulnerabilities
CVE-2025-4144: Cloudflare Workers PKCE Bypass
https://github.com/cloudflare/workers-oauth-provider/security/advisories/GHSA-qgp8-v765-qxx9
CVE-2025-54576: OAuth2-Proxy Auth Bypass
https://zeropath.com/blog/cve-2025-54576-oauth2-proxy-auth-bypass

====== Timestamps ======
(00:00:00) Introduction
(00:02:16) OAuth 2.0 Standards
(00:12:08) Agent to Agent Communication
(00:17:19) CVE Case studies

UBC News World
What AI Identity Management Really Means & Why Access Control Cannot Be Wrong

UBC News World

Apr 7, 2026 · 8:15


Discover why traditional IAM systems fail with AI agents and how OAuth 2.1, token delegation, and human-in-the-loop governance create secure autonomous systems. Learn the architecture behind treating AI agents as first-class identities with kill switches and granular access control.

Learn more: https://www.loginradius.com/ai
LoginRadius
City: Vancouver
Address: 450 SW Marine Drive, Floor 18
Website: https://www.loginradius.com/

Identity At The Center
#410 - Sponsor Spotlight - Strivacity

Identity At The Center

Mar 25, 2026 · 60:25


In this Sponsor Spotlight, Jeff Steadman and Jim McDonald welcome back Stephen Cox, co-founder and CTO of Strivacity, for his third appearance and second sponsored episode. Stephen explains Strivacity's role as a CIAM platform and how it is evolving to address agentic AI identity. Topics include why agentic AI changes the identity equation, how agents differ from humans in authentication and authorization, the delegation model and open standards such as OAuth and token exchange, the limitations of API keys in agentic contexts, where MCP fits into the identity picture, managing multi-agent chains and subagents, and why the accountability model must be established before agentic systems reach production. The episode closes with a lighter note on simulation baseball.

This episode is sponsored by Strivacity. Learn more at strivacity.com.

Connect with Stephen: https://www.linkedin.com/in/stephencox/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com

TIMESTAMPS
00:00:00 Introduction and welcome
00:02:30 About Strivacity and agentic AI platform support
00:06:30 Why now is the right time to address agentic identity in CIAM
00:09:00 How agent authentication and authorization differ from humans
00:14:30 Good bots vs bad bots and the history of autonomous agents in CIAM
00:19:00 Building your own agent identity solution: five key focus areas
00:23:00 Where Strivacity sits in the agentic identity stack
00:26:00 Why open standards matter and the vendor lock-in conversation
00:28:00 Managing multiple delegated agents and user-facing control
00:32:00 API keys and their limitations in agentic AI contexts
00:38:00 MCP servers, proxies, and agent-to-agent protocols
00:43:00 Multi-agent chains, subagents, and constrained delegation
00:46:00 How existing Strivacity customers extend to agentic use cases
00:48:00 The one thing you must get right: the accountability model
00:51:00 Lighter note: simulation baseball

KEYWORDS
IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Strivacity, Stephen Cox, CIAM, customer identity, agentic AI, AI agents, delegated identity, OAuth, token exchange, MCP, Model Context Protocol, API keys, non-human identity, authorization, authentication, delegation model, accountability, multi-agent, subagents, OpenID Connect, least privilege, identity governance

Where It Happens
My OpenClaw setup that finally works (Complete Walkthrough)

Where It Happens

Mar 19, 2026 · 64:41


I sit down with Moritz Kremb, an OpenClaw power user and agency builder based in Berlin, to break down how to actually make OpenClaw useful. Moritz walks through a 10-step optimization guide covering everything from troubleshooting and memory management to model selection and security basics. He then demos two real systems he built with OpenClaw: a full short-form video content pipeline and a conversational CRM. This episode is for anyone who tried OpenClaw, hit a wall, and wants a clear path to turning it into a superhuman digital employee.

Timestamps
00:00 – Intro and episode promise
02:17 – What is OpenClaw
03:17 – OpenClaw vs. ChatGPT vs. Claude Code
07:43 – Where Claude Cowork and Dispatch fit in
09:47 – Why choose OpenClaw over Cowork
11:03 – Step 1: Setting up OpenClaw
14:46 – Step 2: Personalize your workspace files
18:04 – Step 3: Fix and optimize memory
22:43 – Step 4: Choose the right model (OAuth method)
25:56 – Anthropic ban and model provider gray areas
27:33 – Step 5: Organize Telegram groups and topics
30:19 – Step 6: Understand the three browser modes
35:18 – Step 7: Skills — built-in, marketplace, and custom
39:03 – Step 8: Optimize the heartbeat file
42:00 – Step 9: Security basics and prompt injection
48:08 – Step 10: Least access principle and agent-owned accounts
49:52 – Use case 1: No AI Slop content system
58:37 – Use case 2: Conversational CRM
01:01:15 – Final thoughts on the future of personal agents
01:02:55 – Jensen Huang's take: OpenClaw as the new computer

Key Points
Upload the OpenClaw documentation into a Claude project to create a dedicated troubleshooting baseline — it solves roughly 99% of setup issues.
Use the OAuth method (your existing $20 ChatGPT or Anthropic subscription) to avoid expensive API costs, and always configure backup models.
Memory problems are almost always caused by memory never being saved in the first place; add an auto-save instruction to the heartbeat file so it logs every 30 minutes.
Organize your OpenClaw conversations into separate Telegram groups and topics with group-specific system prompts to avoid context bleed.
Stronger models are meaningfully more resistant to prompt injection; pair that with least-access principles and agent-owned accounts for a solid security posture.
Custom skills are the path to real automation — whenever you do something repeatedly, tell your OpenClaw to turn it into a skill.

The #1 tool to find startup ideas/trends - https://www.ideabrowser.com
LCA helps Fortune 500s and fast-growing startups build their future - from Warner Music to Fortnite to Dropbox. We turn 'what if' into reality with AI, apps, and next-gen products https://latecheckout.agency/
The Vibe Marketer - Resources for people into vibe marketing/marketing with AI: https://www.thevibemarketer.com/

FIND ME ON SOCIAL
X/Twitter: https://twitter.com/gregisenberg
Instagram: https://instagram.com/gregisenberg/
LinkedIn: https://www.linkedin.com/in/gisenberg/

FIND MORITZ ON SOCIAL
X: https://x.com/moritzkremb
Youtube: https://www.youtube.com/@promptwarrior/videos
Instagram: https://www.youtube.com/@promptwarrior/

Semaphore Uncut
New: OAuth for MCP Servers — Lessons from Building for AI Agents

Semaphore Uncut

Mar 19, 2026 · 15:34


As AI agents become part of everyday development workflows, authentication is becoming a critical piece of the puzzle.

In our latest product update, we're sharing a behind-the-scenes look at how we implemented OAuth for Semaphore's MCP server—and what we learned along the way.

You'll get a practical perspective on:
* Why OAuth is essential for MCP and AI agents
* The challenges of working with evolving specs and inconsistent agent behavior
* What actually works in real-world implementations
* Key lessons for building secure, reliable integrations

This isn't theory—it's a real engineering deep dive from our team.

The Geek In Review
Anthropic's Matt Samuels and Den Delimarsky - Claude & MCP: Building the USB-C for the Legal Tech Stack

The Geek In Review

Mar 16, 2026 · 55:33


This week, we sit down with two guests from Anthropic, Matt Samuels, Senior Product Counsel, and Den Delimarsky, a core maintainer of the Model Context Protocol, or MCP. Together, they unpack why MCP is drawing so much attention across the legal industry and why some are calling it the USB-C for AI. For law firms long burdened by disconnected systems, scattered data, and the infamous integration tax, MCP offers a shared framework for connecting models to the places where real work and real knowledge live, from iManage and Slack to email, data lakes, and internal tools.

Den explains that the promise of MCP is not tied to one model or one vendor. Instead, it creates a standardized way for AI tools to securely interact with many different systems without forcing organizations to build one-off integrations every time they want to connect a new source. The conversation gets especially relevant for legal listeners when Greg and Marlene press on issues like permissions, ethical walls, least-privilege access, and auditability. The answer from Anthropic is reassuring. MCP is built to work with familiar enterprise security concepts such as OAuth and role-based access, meaning firms do not have to throw out their security model in order to explore new AI workflows.

Matt brings the legal and operational lens, translating MCP into practical use cases for lawyers, legal ops teams, and security leaders. He describes how AI becomes far more useful once it has access to the systems lawyers already rely on every day, while still operating within carefully defined administrative controls. The discussion highlights a key shift in how firms should think about AI. This is no longer about asking a chatbot a clever question and getting a polished paragraph back. With MCP, firms are moving toward systems where AI can retrieve, correlate, summarize, draft, and support actions across multiple platforms, all while staying inside the guardrails set by the organization.

The episode also explores how MCP fits into the rise of agentic workflows, apps, plugins, and skills. Rather than treating AI as a static assistant, Anthropic describes a future where these tools become active participants in legal work, pulling together information from multiple sources, helping assemble case timelines, drafting notes into a shared document, and supporting lawyers in a far more integrated workspace. The conversation around skills is especially useful for firms thinking about standard operating procedures, preferred drafting styles, escalation rules, and repeatable work product. Skills and MCP do different jobs, but together they start to look like the operating system for structured legal workflows.

By the end of the conversation, one message comes through clearly. The legal profession is still early in this shift, but the pace is picking up fast. Both Matt and Den encourage listeners to stop treating these tools like abstract future concepts and start experimenting with them now. At the same time, they offer an important note of caution. As much as these systems promise speed and efficiency, lawyers still need to protect the craft of lawyering, their judgment, and the human choices that matter most. For firms trying to make sense of where AI is headed next, this episode offers a grounded and practical look at the infrastructure layer that could shape what comes next.

Listen on mobile platforms: Apple Podcasts | Spotify | YouTube | Substack
[Special Thanks to Legal Technology Hub for sponsoring this episode.]
Email: geekinreviewpodcast@gmail.com
Music: Jerry David DeCicca

Security Unfiltered
The Great Cyber Power Struggle: Russia, China, Iran, and the Coming Digital Chaos

Security Unfiltered

Play Episode Listen Later Mar 10, 2026 40:20 Transcription Available


Send a text

The cybersecurity battlefield is evolving at a lightning pace—and in 2025, we saw threats go from sophisticated to unstoppable. Identity has become the new frontline, with hackers weaponizing OAuth tokens, SaaS integrations, and impersonations to breach even the most secure environments. But here's the brutal truth: if you're not prepared for these attack vectors, you're already one step behind.

In this electrifying episode, Sergey Novikov, CyberProof's director of cyber security content, exposes the shocking shifts that are defining 2025's cyber landscape—and why you can't afford to ignore them. He reveals how nation-states are collaborating openly in a cyber arms race, blending espionage, financial theft, and disruptive operations into devastating hybrid attacks. AI isn't just an overhyped buzzword anymore; it's turbocharging ransomware, automating infiltration, and lowering the bar for low-skill hackers to launch advanced, lightning-fast attacks.

You'll discover:
How identity has overtaken infrastructure as the primary attack surface, and what this means for your organization's defenses.
The dangerous collaboration among state-sponsored groups—blurring lines between espionage and cybercrime—and why it's shaping the next wave of threats.
Surprising insights on supply chain attacks targeting SaaS platforms and third-party vendors—plus real-world examples like the water supply hack that could have poisoned millions.
The terrifying rise of AI-driven autonomous attacks capable of multi-step, pincer-movement operations with minimal human intervention.
Why the global cyber power struggle—especially between nations like Russia, China, and Iran—will spill over into the digital realm even more aggressively in 2026.

This isn't just another “cybersecurity forecast”—it's a wake-up call. If you're serious about protecting your business, personal data, or even your family from the chaos coming next year, this episode is your first line of defense.

Sergey Novikov isn't just talking theory; he's a top cybersecurity thought leader, unraveling the complex tactics used by today's cyber adversaries and sharing hard truths about where we're headed.

Are you ready to face the terrifying realities of tomorrow's cyber world? If you're a security professional, a business owner, or anyone who depends on digital trust, you cannot afford to miss this.

Tune in now. Get informed. Get prepared. The future of cybersecurity starts today.

Support the show

Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE
➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

GREY Journal Daily News Podcast
What Happens When AI Agents Get Their Own Google Workspace Toolbox

GREY Journal Daily News Podcast

Play Episode Listen Later Mar 6, 2026 4:00


A new open-source command-line tool enables AI agents to securely access and automate tasks within Google Workspace applications such as Gmail, Google Docs, and Google Sheets. The tool uses API-based integration and OAuth authentication to allow AI agents to read, write, and organize emails, generate documents, and update spreadsheets without manual input. Entrepreneurs and business owners can leverage this technology to automate email management, document creation, and data updates, resulting in time savings and reduced errors. Security measures include transparent open-source code, granular permissions, and activity monitoring. Real-world uses include automating CRM updates, generating reports, and streamlining client deliverables. Experts recommend identifying time-consuming tasks, consulting with IT for compatibility, testing automation on low-risk processes, and regularly auditing security settings before scaling. This advancement enables businesses to improve operational efficiency and focus on strategic growth.

Learn more on this news by visiting us at: https://greyjournal.net/news/

Hosted on Acast. See acast.com/privacy for more information.

Semaphore Uncut
Product News: OAuth Authentication for the Semaphore MCP Server

Semaphore Uncut

Play Episode Listen Later Mar 6, 2026 2:06


We're preparing a new update for the Semaphore MCP server that will make it easier for developers to connect AI agents and developer tools.

The focus of this update is authentication.

Today, connecting an agent to the MCP server typically requires using a long-lived API token. While this works well, it also means developers need to generate credentials, store them in configuration files, and manage them manually.

In our next release, coming next week, we're introducing OAuth authentication support for the MCP server.

This will make connecting agents and developer tools significantly simpler.

Instead of generating and storing API tokens, developers will be able to authenticate through a familiar OAuth flow. When configuring an agent, a browser window opens, you log in, and approve access to the MCP server. Once approved, the connection is established automatically.

This approach removes the need to manage long-lived credentials and makes integrations easier to set up.

It also improves compatibility with modern agentic development tools. Some tools have limitations when working with static API tokens, and OAuth removes those barriers.

Read more on our blog.

Pete Miloravac
The Semaphore Team
https://semaphore.io

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit semaphoreio.substack.com

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; OAuth Phishing Abuse

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Mar 4, 2026 5:03


Bruteforce Scans for CrushFTP
https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762

Android March 2026 Patches, including 0-Day (CVE-2026-21385)
https://source.android.com/docs/security/bulletin/2026/2026-03-01

OAuth redirection abuse enables phishing and malware delivery
https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/

KuppingerCole Analysts
Analyst Chat #288: From Shadow SaaS to Shadow AI - Closing the Unowned Security Gap

KuppingerCole Analysts

Play Episode Listen Later Feb 23, 2026 32:00


Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere. In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.

In this conversation, we explore:
✅ What SSPM actually means (and why the “PM” might be limiting)
✅ How Shadow IT evolved into Shadow SaaS and Shadow AI
✅ The intersection of identity and cybersecurity in SaaS environments
✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
✅ Why continuous monitoring beats periodic audits
✅ CASB vs SSPM vs CNAPP — where the lines blur
✅ The growing governance challenge in AI-powered SaaS
✅ Why SaaS security can’t be ignored anymore

If your organization uses SaaS (spoiler: it does), this discussion is not optional.

The AI Breakdown: Daily Artificial Intelligence News and Discussions

A new Anthropic study shows that AI agents are being used far more conservatively than their capabilities suggest, with short sessions, heavy human oversight, and growing use beyond coding into back office, marketing, sales, and finance. The data highlights that autonomy is shaped as much by trust and interaction design as raw model power. In the headlines: Gemini adds music generation, Anthropic clarifies its OAuth policy, Meta revives its AI smartwatch, Grok expands to 16 debating subagents, and more.

Want to build with OpenClaw? LEARN MORE ABOUT CLAW CAMP: https://campclaw.ai/
Or for enterprises, check out: https://enterpriseclaw.ai/

Brought to you by:
KPMG – Discover how AI is transforming possibility into reality. Tune into the new KPMG 'You Can with AI' podcast and unlock insights that will inform smarter decisions inside your enterprise. Listen now and start shaping your future with every episode. https://www.kpmg.us/AIpodcasts
Mercury - modern banking for business and now personal accounts. Learn more at https://mercury.com/personal-banking
Rackspace Technology - Build, test and scale intelligent workloads faster with Rackspace AI Launchpad - http://rackspace.com/ailaunchpad
Blitzy - Want to accelerate enterprise software development velocity by 5x? https://blitzy.com/
Optimizely Agents in Action - Join the virtual event (with me!) free March 4 - https://www.optimizely.com/insights/agents-in-action/
AssemblyAI - The best way to build Voice AI apps - https://www.assemblyai.com/brief
LandfallIP - AI to Navigate the Patent Process - https://landfallip.com/
Robots & Pencils - Cloud-native AI solutions that power results https://robotsandpencils.com/
The Agent Readiness Audit from Superintelligent - Go to https://besuper.ai/ to request your company's agent readiness score.

The AI Daily Brief helps you understand the most important news and discussions in AI. Subscribe to the podcast version of The AI Daily Brief wherever you listen: https://pod.link/1680633614

Interested in sponsoring the show? sponsors@aidailybrief.ai

Hacker Valley Studio
Securing the Workspace Attackers Already Live In with Rajan Kapoor

Hacker Valley Studio

Play Episode Listen Later Feb 19, 2026 38:29


Your email gateway isn't enough anymore: attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover. In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough.

Impactful Moments
00:00 – Introduction
03:30 – The current state of phishing
05:30 – Outbound email compromise risk
09:30 – OAuth apps as attack vectors
15:00 – AI agents accessing your workspace
16:00 – Prompt injection is the new SQL injection
18:00 – Allow listing apps immediately
24:30 – Google Workspace vs Microsoft 365 security
27:30 – Custom detections require API expertise
28:00 – Why passkeys matter right now
32:00 – Data lifecycle management for shared docs

Links
Connect with our guest, Rajan Kapoor, on LinkedIn: https://www.linkedin.com/in/rajankkapoor/
Learn more about Material Security: https://material.security

___

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

The Dish on Health IT
Modernizing Health IT: CMS Pledges, AI and the Trust Foundation with Amy Gleason

The Dish on Health IT

Play Episode Listen Later Feb 18, 2026 48:36


In this episode of The Dish on Health IT, host Tony Schueth is joined by co-host Alix Goss and special guest Amy Gleason, Strategic Advisor to Centers for Medicare & Medicaid Services (CMS) and Administrator of the U.S. Department of Government Efficiency (DOGE) Service, for a wide-ranging discussion on how health IT modernization is evolving under a pledge-driven, incentive-backed federal strategy.

The conversation begins not with policy, but with lived experience.

From Emergency Room to Interoperability Advocate

Amy shares how her early career as an emergency room nurse exposed the dangers of fragmented information. Providers were expected to make critical decisions without access to complete patient histories, while patients, often in pain or distress, were unrealistically asked to recall complex medical details.

That professional frustration became deeply personal when her daughter went more than a year without diagnosis for a rare autoimmune disease, juvenile dermatomyositis (JDM). Multiple specialists saw pieces of the puzzle, but no one could see the full picture across charts and settings. Amy reflects that if today's AI tools had been applied to her daughter's complete longitudinal record, the condition may have surfaced sooner.

That experience shaped her philosophy. Technology must converge with policy and trust in ways that tangibly improve care.

Why Pledges Instead of Rules?

Tony presses on a central theme. Amy has argued that we cannot regulate our way to success. Why pursue voluntary pledges instead of federal rulemaking?

Amy explains her frustration returning to government in 2025 to find interoperability policies she helped draft in 2020 still not fully effective until 2027. Seven years is an eternity in technology. Meanwhile, the industry had technically complied with numerous mandates including Meaningful Use, Cures Act APIs and CMS interoperability rules, yet many workflows still felt broken.

In her view, regulation created a floor but not always real transformation.

The CMS Health Tech Ecosystem Pledge was launched as a different model. The federal government used its convening power to articulate a clear vision and challenge industry to deliver minimum viable products within six to twelve months rather than years.

Initially announced with roughly 60 companies, the pledge initiative has grown to more than 600 participants collaborating in working groups. The three initial patient-focused use cases include:
Improving data interoperability
“Killing the clipboard” through digital identity and QR-based sharing
Leveraging conversational AI and personalized recommendations for chronic conditions such as diabetes and obesity

Amy describes live demonstrations at a Connectathon showing OAuth-enabled data retrieval, QR ingestion into EHR workflows and AI-powered recommendations built on patient data. The goal is not perfection by the first milestone, but real-world minimum viable functionality that can iteratively improve.

Alix notes that from the standards community perspective, this approach feels aligned with long-standing calls for industry-driven collaboration, though it remains early to measure widespread impact.

Carrots, Sticks and Rural Health

The discussion turns to incentives.

Amy outlines the administration's carrots and sticks strategy:
Stick: Enforcement of information blocking, with penalties up to $2 million per occurrence
Carrots: Financial incentives such as the $50 billion Rural Health Transformation Program and the CMS ACCESS Model, which pays for technology-enabled outcomes

The Rural Health Transformation Program directs money to states with expectations that ecosystem-aligned interoperability and app participation be incorporated into funding proposals. CMS retains oversight and clawback authority to ensure funds support rural providers.

The ACCESS Model represents a significant shift. Technology-enabled care platforms can register as Medicare Part B providers and be paid for measurable outcomes in tracks such as cardiometabolic disease, musculoskeletal conditions and behavioral health. Providers remain in the loop and receive compensation for referral and care plan oversight.

Alix underscores that rural providers face steep financial and workforce constraints. Standards participation, implementation and technology upgrades require resources that are often scarce. The success of these incentives will depend on whether they reduce burden rather than add to it.

AI: Evolution, Risk and Reality

AI becomes a central thread of the episode.

Amy compares AI adoption to autonomous vehicle models. Some scenarios allow tightly controlled automation, such as medication refills, while others require a human in the loop for higher-risk decisions. She points to a Utah prescription refill pilot as an example of bounded automation, where malpractice coverage and clearly defined use cases mitigate risk.

When Tony asks who owns risk in this evolving landscape, Amy emphasizes the need for light but clear regulatory pathways rather than fragmented state-by-state oversight.

Patients, she notes, are already there. Millions are asking health-related questions weekly through AI tools. The more pressing issue is ensuring those tools are grounded in structured medical data rather than incomplete memory or unverified inputs.

She shares a striking story. Her daughter was excluded from a clinical trial due to a misclassification of ulcerative colitis. By uploading her records into an AI model, they identified a more precise diagnosis, microscopic lymphocytic colitis, which did not disqualify her from the trial. For Amy, this demonstrates both the power and inevitability of AI use.

Alix adds caution. AI is only as strong as the data beneath it. Dirty, inconsistent and poorly structured data limits performance. Standards and terminologies remain essential to fuel high-fidelity models and safeguard trust.

FHIR, Deregulation and the Data Foundation

The conversation addresses an emerging tension. If regulatory burdens are being reduced, does that signal less need for structured standards like FHIR?

Amy candidly admits she initially wondered whether AI might reduce the need for FHIR altogether. After discussions with labs and technologists, she concluded the opposite. Standardized data dramatically improves AI performance and reduces error.

Deregulation is about removing unnecessary burden, not abandoning foundational data structures.

Alix reinforces that FHIR enables discrete, normalized data capture that supports both legacy transactions and AI evolution. While future innovations may emerge, today FHIR remains the backbone for scalable interoperability.

Prior Authorization and HIPAA Modernization

The episode dives into prior authorization modernization across medical and pharmacy domains.

Amy notes growing interest among pledge participants to expand into pharmacy prior authorization testing, diagnostic imaging, real-time benefit checks and bulk FHIR performance testing.

Alix provides insight into ongoing work within the Designated Standards Maintenance Organizations to incorporate FHIR-based approaches into HIPAA-named standards, particularly for prior authorization. She highlights testing beyond Connectathons, including implementer communities and real-world pilot efforts.

Both stress the importance of public comment periods and industry engagement, describing participation as a civic responsibility for health IT professionals.

Trust as the Core Enabler

The final segment centers on trust.

Amy explains that the ecosystem initiative aims to reinforce trust through:
Stronger digital identity verification such as Clear, ID.me and Login.gov
Certification frameworks such as CARIN and DIME for patient-facing apps
A new national provider directory to replace fragmented provider data sources
Transparency dashboards showing data requests, volumes and purpose

Rather than replacing frameworks like TEFCA, she describes the pledge model as an accelerator layered above the regulatory floor.

Transparency acts as sunlight, enabling visibility into who is accessing data and for what purpose.

Final Takeaways

In closing, Amy urges providers not to sit on the sidelines. Too often, she says, providers feel change is imposed on them. The pledge environment is designed as an open forum where they can directly shape what works or does not work in real workflows.

Alix echoes the call. Standards require participation. Organizations must allocate budget and staff to engage, comment and collaborate. It truly takes a village.

Tony concludes by framing the episode's core message. Regulation establishes baseline expectations, but voluntary movements can demonstrate what is possible before mandates reach the Federal Register.

Across pledges, payment reform, AI evolution and trust frameworks, the episode underscores a consistent theme. Modernization in health IT depends not only on policy direction, but on shared accountability and active participation from every stakeholder in the ecosystem.

Listeners are reminded that POCP is available to support organizations in understanding the implications of federal initiatives, enforcement priorities and their strategic implications. Reach out to us to set up an initial consultation. The episode closes, as always, with the reminder that Health IT is a dish best served hot.

Prefer video? Catch episodes on the POCP YouTube channel

Crazy Wisdom
Episode #531: Revenue-Based Lending Meets Crypto: Building Leviathan on Sui

Crazy Wisdom

Play Episode Listen Later Feb 13, 2026 53:46


In this episode of the Crazy Wisdom Podcast, host Stewart Alsop sits down with Lars van der Zande, founder and CEO/technical architect of Inkwell Finance, for what Lars describes as his first-ever podcast appearance. The conversation covers a wide range of blockchain infrastructure topics, including Lars's work with Sui and Solana blockchains, the innovative capabilities of Ika's programmatic wallets and blockchain of signatures, and how Inkwell Finance is building revenue-based financing solutions for on-chain entities—from AI agents to protocols. They explore the evolving landscape of crypto regulation, the merging of traditional finance with blockchain technology, the future of decentralized legal systems, and how the user experience barrier is being lowered through technologies that eliminate constant transaction signing. Lars also discusses Inkwell's embedded financing approach and their pre-seed fundraising round.

Links mentioned:
- Inkwell's website: inkwell.finance
- Inkwell on Twitter: @__inkwell
- Lars on Twitter: @LMVDZande

Timestamps
00:00 Introduction to Inkwell Finance and Technical Architecture
02:06 Understanding Sui and Solana: Blockchain Dynamics
05:55 The Role of Ika in Inkwell Finance
11:51 Leviathan: Revenue Generation and Financing in Crypto
17:38 The Future of AI Agents and Programmatic Wallets
23:23 Smart Contracts: Legal Implications and Future Directions
25:06 The Future of Inkwell Finance
25:42 Decentralization and Its Evolution
27:32 The Merging of Traditional and Crypto Systems
29:33 Global Financial Dynamics and Market Reactions
31:48 The Collapse of Traditional Financial Systems
32:46 Jurisdictional Shifts in the Crypto World
33:59 Legal Systems and Blockchain Integration
35:57 On-Chain Credit and Financial Opportunities
39:29 The Role of AI in Finance
41:30 Learning from Peer-to-Peer Lending History
43:14 Disruption in Insurance and Risk Management
44:54 On-Chain vs Off-Chain Data
46:54 The Evolution of the Internet and Blockchain
49:12 Future Subscription Models in Blockchain

Key Insights

1. Ika's Revolutionary Blockchain Signature Technology: Lars discovered Ika, a blockchain of signatures built on Sui that enables any blockchain transaction to be signed without revealing the underlying message. Using patented 2PC MPC technology, Ika splits key shares across validators and encrypts them in transit, performing complex cryptographic operations that allow smart contracts on Sui to generate signatures for transactions on any other blockchain. This eliminates the need to build separate smart contracts on each blockchain, fundamentally changing how cross-chain interactions work and opening possibilities for truly interoperable decentralized applications.

2. Programmatic Wallets vs Traditional Wallets: Traditional wallets like MetaMask require manual user approval for every transaction through a front-end interface, but Ika's D-wallet introduces programmatic wallets with policy-based controls embedded in smart contracts. These wallets can execute transactions based on predetermined conditions checked against on-chain data like Oracle prices, without requiring individual user signatures. For example, a Bitcoin D-wallet can hold native Bitcoin without wrapping or bridging to a custodian, and smart contract policies determine when and how that Bitcoin can be transferred, creating unprecedented security and automation possibilities for decentralized finance.

3. Inkwell's Revenue-Based Financing Model: Inkwell Finance is building Leviathan, a revenue-based financing platform for on-chain entities including protocols, AI agents, and individual traders with verifiable track records. Borrowers receive capital based on their on-chain performance metrics like Sharpe ratio and drawdown, with loan repayment automatically deducted from their revenue stream. The profit split structure allocates approximately 60% to borrowers, 30% to lenders, and 10% split between Inkwell and integrating platforms. This creates a sustainable lending model where flight risk is minimized through D-wallet policy controls that restrict how borrowed capital can be used.

4. Wallet-as-a-Protocol and the Future of User Experience: The crypto industry is moving toward embedded wallet solutions that eliminate the friction of traditional wallet management, with Wallet-as-a-Protocol representing the next evolution beyond services like Privy and Dynamic. Unlike current embedded wallets that lock users into specific applications, Wallet-as-a-Protocol enables single sign-on across multiple applications while users maintain control of their keys. Combined with app-sponsored gas fees, this approach allows non-crypto-native users to interact with blockchain applications without knowing they're using crypto, removing the biggest barrier to mainstream adoption and creating web2-like user experiences on web3 infrastructure.

5. AI Agents as Financial Entities: AI agents are emerging as revenue-generating entities with on-chain transaction histories that create verifiable track records for creditworthiness assessment. Inkwell Finance is specifically targeting this market, recognizing that AI agents will need wallets and capital to operate effectively. The programmatic nature of D-wallets pairs perfectly with AI agents, as policy controls can restrict agent behavior to specific smart contract interactions, preventing unauthorized fund transfers while allowing automated trading or revenue generation. This creates a new category of borrower that operates 24/7 with completely transparent performance metrics, fundamentally different from traditional loan recipients.

6. Cross-Chain Liquidity Without Asset Transfer: Ika's technology enables users to take loans against revenue generated on one blockchain and deploy that capital on entirely different blockchains without moving their original liquidity positions. For instance, someone earning yield on Sui's Fusol protocol could borrow against that revenue stream and deploy capital on Solana opportunities, effectively creating multiple on-chain businesses that generate their own credit scores and revenue to service debt. This ability to read state across different blockchains from within smart contracts opens possibilities for multi-chain strategies that don't require withdrawing capital from productive positions, maximizing capital efficiency across the entire crypto ecosystem.

7. The Convergence of Traditional Finance and Crypto Infrastructure: The regulatory landscape is rapidly evolving with initiatives like the Genius Act and Clarity Act creating frameworks where traditional financial systems merge with crypto infrastructure through mechanisms like stablecoins backed by US treasuries. Companies are increasingly establishing entities in the United States to access capital networks and Delaware's established legal framework while issuing tokens through jurisdictions like Switzerland. This hybrid approach, combined with emerging concepts like Gabriel Shapiro's "cybernetic agreements" that make smart contract parameters legally enforceable in traditional courts, suggests the future isn't pure decentralization but rather a sophisticated integration of on-chain and off-chain legal and financial systems.

Packet Pushers - Full Podcast Feed
PP094: Understanding OAuth and Reducing Authorization Risks

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jan 27, 2026 70:04


OAuth is a widely used authorization (not authentication) protocol that lets a resource owner grant access to a resource using access tokens. These tokens define access attributes, including scope and length of time. OAuth can be used to grant access to human and non-human entities (for example, AI agents). OAuth is increasingly being abused by... Read more »

Packet Pushers - Fat Pipe
PP094: Understanding OAuth and Reducing Authorization Risks

Packet Pushers - Fat Pipe

Play Episode Listen Later Jan 27, 2026 70:04


OAuth is a widely used authorization (not authentication) protocol that lets a resource owner grant access to a resource using access tokens. These tokens define access attributes, including scope and length of time. OAuth can be used to grant access to human and non-human entities (for example, AI agents). OAuth is increasingly being abused by... Read more »

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jan 14, 2026 7:58


Microsoft Patch Tuesday January 2026
Microsoft released patches for 113 vulnerabilities. This includes one already exploited vulnerability, one that was made public before today and eight critical vulnerabilities.
https://isc.sans.edu/diary/January%202026%20Microsoft%20Patch%20Tuesday%20Summary/32624

Adobe Patches
Adobe released patches for five products. The code execution vulnerabilities in ColdFusion and Acrobat Reader deserve special attention.
https://helpx.adobe.com/security.html

Fortinet Patches
Fortinet patched two products today, one suffering from an SSRF vulnerability.
https://fortiguard.fortinet.com/psirt/FG-IR-25-783
https://fortiguard.fortinet.com/psirt/FG-IR-25-084

ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants
Attackers are tricking victims into copying and pasting OAuth URLs, including credentials, into a fake CAPTCHA.
https://pushsecurity.com/blog/consentfix

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, January 13th, 2026: n8n got npm'ed; Gogs exploit; telegram proxy links

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jan 13, 2026 5:45


n8n supply chain attack
Malicious npm packages were used in an attempt to obtain users' OAuth credentials for npm.
https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem

Gogs 0-Day Exploited in the Wild
A flaw in Gogs that was unpatched at the time was exploited to compromise git repos.
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit

Telegram Proxy Link Abuse
Telegram proxy links have been abused to deanonymize users.
https://x.com/GangExposed_RU/status/2009961417781457129

Cyber Security Headlines
Instagram denies breach, Sweden detains spying suspect, n8n attack steals OAuth tokens

Cyber Security Headlines

Play Episode Listen Later Jan 13, 2026 8:33


Instagram denies breach post-data leak
Sweden detains consultant suspected of spying
n8n supply chain attack steals OAuth tokens

Thanks to our episode sponsor, ThreatLocker
Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain Zero Trust in real environments. Join us March 4–6 in Orlando, plus a live CISO Series episode on March 6. Get $200 off with ZTWCISO26 at ztw.com.

Security This Week
Here. Try This!

Security This Week

Play Episode Listen Later Jan 10, 2026 33:14 Transcription Available


ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0
One Year of MCP — with David Soria Parra and AAIF leads from OpenAI, Goose, Linux Foundation

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0

Play Episode Listen Later Dec 27, 2025 99:18


One year ago, Anthropic launched the Model Context Protocol (MCP)—a simple, open standard to connect AI applications to the data and tools they need. Today, MCP has exploded from a local-only experiment into the de facto protocol for agentic systems, adopted by OpenAI, Microsoft, Google, Block, and hundreds of enterprises building internal agents at scale. And now, MCP is joining the newly formed Agentic AI Foundation (AAIF) under the Linux Foundation, alongside Block's Goose coding agent, with founding members spanning the biggest names in AI and cloud infrastructure.

We sat down with David Soria Parra (MCP lead, Anthropic), Nick Cooper (OpenAI), Brad Howes (Block / Goose), and Jim Zemlin (Linux Foundation CEO) to dig into the one-year journey of MCP—from Thanksgiving hacking sessions and the first remote authentication spec to long-running tasks, MCP Apps, and the rise of agent-to-agent communication—and the behind-the-scenes story of how three competitive AI labs came together to donate their protocols and agents to a neutral foundation, why enterprises are deploying MCP servers faster than anyone expected (most of it invisible, internal, and at massive scale), what it takes to design a protocol that works for both simple tool calls and complex multi-agent orchestration, how the foundation will balance taste-making (curating meaningful projects) with openness (avoiding vendor lock-in), and the 2025 vision: MCP as the communication layer for asynchronous, long-running agents that work while you sleep, discover and install their own tools, and unlock the next order of magnitude in AI productivity.

We discuss:
* The one-year MCP journey: from local stdio servers to remote HTTP streaming, OAuth 2.1 authentication (and the enterprise lessons learned), long-running tasks, and MCP Apps (iframes for richer UI)
* Why MCP adoption is exploding internally at enterprises: invisible, internal servers connecting agents to Slack, Linear, proprietary data, and compliance-heavy workflows (financial services, healthcare)
* The authentication evolution: separating resource servers from identity providers, dynamic client registration, and why the March spec wasn't enterprise-ready (and how June fixed it)
* How Anthropic dogfoods MCP: internal gateway, custom servers for Slack summaries and employee surveys, and why MCP was born from “how do I scale dev tooling faster than the company grows?”
* Tasks: the new primitive for long-running, asynchronous agent operations—why tools aren't enough, how tasks enable deep research and agent-to-agent handoffs, and the design choice to make tasks a “container” (not just async tools)
* MCP Apps: why iframes, how to handle styles and branding, seat selection and shopping UIs as the killer use case, and the collaboration with OpenAI to build a common standard
* The registry problem: official registry vs. curated sub-registries (Smithery, GitHub), trust levels, model-driven discovery, and why MCP needs “npm for agents” (but with signatures and HIPAA/financial compliance)
* The founding story of AAIF: how Anthropic, OpenAI, and Block came together (spoiler: they didn't know each other were talking to Linux Foundation), why neutrality matters, and how Jim Zemlin has never seen this much day-one inbound interest in 22 years

David Soria Parra (Anthropic / MCP)
* MCP: https://modelcontextprotocol.io
* https://uk.linkedin.com/in/david-soria-parra-4a78b3a
* https://x.com/dsp_

Nick Cooper (OpenAI)
* X: https://x.com/nicoaicopr

Brad Howes (Block / Goose)
* Goose: https://github.com/block/goose

Jim Zemlin (Linux Foundation)
* LinkedIn: https://www.linkedin.com/in/zemlin/

Agentic AI Foundation
* https://agenticai.foundation

Timestamps
00:00:00 Introduction: MCP's First Year and Foundation Launch
00:01:17 MCP's Journey: From Launch to Industry Standard
00:02:06 Protocol Evolution: Remote Servers and Authentication
00:08:52 Enterprise Authentication and Financial Services
00:11:42 Transport Layer Challenges: HTTP Streaming and Scalability
00:15:37 Standards Development: Collaboration with Tech Giants
00:34:27 Long-Running Tasks: The Future of Async Agents
00:30:41 Discovery and Registries: Building the MCP Ecosystem
00:30:54 MCP Apps and UI: Beyond Text Interfaces
00:26:55 Internal Adoption: How Anthropic Uses MCP
00:23:15 Skills vs MCP: Complementary Not Competing
00:36:16 Community Events and Enterprise Learnings
01:03:31 Foundation Formation: Why Now and Why Together
01:07:38 Linux Foundation Partnership: Structure and Governance
01:11:13 Goose as Reference Implementation
01:17:28 Principles Over Roadmaps: Composability and Quality
01:21:02 Foundation Value Proposition: Why Contribute
01:27:49 Practical Investments: Events, Tools, and Community
01:34:58 Looking Ahead: Async Agents and Real Impact

Get full access to Latent.Space at www.latent.space/subscribe

Risky Business
Risky Business #819 -- Venezuela (credibly?!) blames USA for wiper attack

Risky Business

Play Episode Listen Later Dec 17, 2025 54:05


In the final show of 2025, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
* React2Shell attacks continue, surprising no one
* The unholy combination of OAuth consent phishing, social engineering and Azure CLI
* Venezuela's state oil firm gets ransomware'd, blames US… but what if it really is a US cyber op?!
* Russian junk-hacktivist gets indicted for cybering critical… err… a car wash and a fountain
* Microsoft finally turns RC4 off by default in Active Directory Kerberos
* Traefik's TLS verify=on … turns it off, whoopsie

Paul's Security Weekly
Illuminating Data Blind Spots, Topic, Enterprise News - Tony Kelly - ESW #437

Paul's Security Weekly

Play Episode Listen Later Dec 15, 2025 109:42


Interview Segment: Tony Kelly - Illuminating Data Blind Spots
As data sprawls across clouds and collaboration tools, shadow data and fragmented controls have become some of the biggest blind spots in enterprise security. In this segment, we'll unpack how Data Security Posture Management (DSPM) helps organizations regain visibility and control over their most sensitive assets. Our guest will break down how DSPM differs from adjacent technologies like DLP, CSPM, and DSP, and how it integrates into broader Zero Trust and cloud security strategies. We'll also explore how compliance and regulatory pressures are shaping the next evolution of the DSPM market—and what security leaders should be doing now to prepare.
Segment Resources: https://static.fortra.com/corporate/pdfs/brochure/fta-corp-fortra-dspm-br.pdf
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!

Topic Segment: We've got passkeys, now what?
Over this year on this podcast, we've talked a lot about infostealers. Passkeys are a clear solution to implementing phishing- and theft-resistant authentication, but what about all these infostealers stealing OAuth keys and refresh tokens? As long as session hijacking is as simple as moving a cookie from one machine to another, securing authentication seems like solving only half the problem: locking the front door, but leaving a side door unlocked. After doing some research, it appears that there has been some work on this front, including a few standards that have been introduced:
* DBSC (Device Bound Session Credentials) for browsers
* DPoP (Demonstrating Proof of Possession) for OAuth applications
We'll address a few key questions in this segment:
1. How do these new standards help stop token theft?
2. How broadly have they been adopted?
Segment Resources: FIDO Alliance White Paper: DBSC/DPoP as Complementary Technologies to FIDO Authentication

News Segment
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-437

Paul's Security Weekly
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360

Paul's Security Weekly

Play Episode Listen Later Dec 9, 2025 67:43


The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new spec like this.
Segment resources:
https://aaronparecki.com/2025/11/25/1/mcp-authorization-spec-update
https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
https://oauth.net/cross-app-access/
https://oauth.net/2/oauth-best-practice/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-360