Podcasts about rsac

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-449

RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what should security leaders expect when they attend? Joseph Blankenship, Vice President, Research Director at Forrester Research, and Adrian Sanabria, host of Enterprise Security Weekly, join Business Security Weekly for a special recording from RSAC 2026. This pre-recorded session was filmed live from the conference on March 24, 2026. We discuss what security leaders will see, what they should expect from attending, and a few predictions for the future. If you didn't attend the conference, don't worry, this is a great way to get an inside view. And maybe it helps you decide to attend next year. Show Notes: https://securityweekly.com/bsw-449

We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-384

We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Show Notes: https://securityweekly.com/asw-384

We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-384

We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project's latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI data security, the rise of AI-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026. Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what's different or special about securing agent identities. We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike. Segment Resources: https://genai.owasp.org https://genai.owasp.org/resources/ https://www.scworld.com/podcast-episode/3905-keeping-up-with-the-owasp-genai-project-scott-clinton-asw-381 This segment is sponsored by The OWASP GenAI Security Project. Visit https://securityweekly.com/owasp to learn more about them! Show Notes: https://securityweekly.com/asw-384

Agentic AI was the theme that pulled away from the pack at RSAC Conference 2026. Tony Anscombe of ESET makes the case that once AI shifts from being directed by humans to operating with its own objectives and logic, the security surface changes with it, and organizations are being forced to rethink what they protect and how. At the show, ESET announced two products that meet that moment head on. The ESET AI Skills Checker is a free-to-use tool coming to market. ESET AI Protection looks inside AI sessions on the endpoint, flagging sensitive data leakage, malicious links returned by AI systems, and suspicious behavior, and surfacing it all inside normal cybersecurity operations for investigation, blocking, or detection. Tony closes with a reminder worth keeping. His first RSA was in 1998, and the technology he worked on then (sandboxing, dynamic code, remote windowing, encryption, authentication) mirrors a lot of what walks the RSAC Conference floor today. The packaging evolves, the core principles do not. Build forward, but do not lose sight of what the past already proved. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Tony Anscombe, Chief Security Evangelist, ESET LinkedIn: https://www.linkedin.com/in/tonyanscombe/ RESOURCES Learn more about ESET: https://www.eset.com ESET AI Skills Checker and ESET AI Protection: https://www.eset.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Tony Anscombe, ESET, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, agentic AI, AI security, RSAC Conference 2026, threat intelligence, MDR, EDR, endpoint security, AI Skills Checker, AI Protection, cybersecurity community, multifactor authentication, cybersecurity evolution Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

As AI expands across critical sectors, this podcast episode examines how it disrupts privacy and compliance, creating new risks in consent, data use, and re‑identification. Through real cases and practical guidance, listeners learn how to build privacy‑first AI systems that maintain trust and regulatory alignment. Speakers: Noor Bains, Principal Field Solutions Architect, CDW Tatyana Sanchez, Senior Coordinator, Content & Programming, RSAC Kacy Zurkus, Director of Content, RSAC

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT SecurityPub date: 2026-05-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCellular modules in your IoT devices are trusted and that trust can be an insecure  pivot point into your network for attackers. Deral Heiland, Principal Security Research for IoT at Rapid 7 discusses his presentation at RSAC 2026 on AT command exploits and supply chain risk.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Cellular modules in your IoT devices are trusted and that trust can be an insecure  pivot point into your network for attackers. Deral Heiland, Principal Security Research for IoT at Rapid 7 discusses his presentation at RSAC 2026 on AT command exploits and supply chain risk.

This episode of Inside the Network is unique because it is our very first show recorded live on the RSAC 2026 stage in front of security leaders, startup founders, and identity experts. For this episode, we had the privilege of sitting down with one of the most accomplished founders in cybersecurity, founder and CEO of SailPoint, Mark McClain.Cybersecurity is not an easy market to take a company public, and only the most successful founders have the opportunity to take a company public just once. Mark on the other hand has taken the same company public twice. He created the identity governance category from scratch, grew the company into a global identity security leader with more than $1 billion in ARR, over 3,000 employees, and customers across nearly half of the Fortune 500, took it public in 2017, private again with Thoma Bravo in a multi-billion-dollar transaction, and then back to the public markets in 2025.This episode explores one of the biggest questions in cybersecurity today: how do incumbents survive and win in the age of AI? Mark shares how large cybersecurity companies think about innovation, disruption, and adaptation in a world that's changing faster than ever before. We discuss whether incumbents can turn scale, distribution, and customer trust into long-term advantages, or whether AI creates the perfect opening for a new generation of startups to challenge established leaders. Throughout the conversation, Mark reflects on the evolution of identity security from compliance tooling into one of the most critical security control planes in the enterprise. We dive into the rise of non-human and agentic identities, why traditional governance models are breaking under the speed of AI, and how companies like SailPoint are adapting to a world where identities can be ephemeral, autonomous, and operating at machine speed.We also talk about building startups in Austin versus Silicon Valley, lessons from taking the same company public twice, the realities of operating as both a public-company CEO and a founder, and what early-stage founders continue to underestimate about enterprise cybersecurity markets. In closing, Mark shares candid advice for founders building in cybersecurity today: where startups still have a real edge, what markets are ripe for disruption, and why listening to customers remains the ultimate competitive advantage.You can watch the full video recording of this conversation on-stage at the RSAC 2026 Conference here: Inside the Network Live: Winning as an Incumbent in the Age of AI.

As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you're closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the board, we are selling. How can influence help? Dan Rochon, Author of Teach to Sell, joins Business Security Weekly to discuss psychology of influence, personal transformation, and how to build trust that converts. Dan will cover the four pillars from his book: Believe (in Yourself) Find Business Build an Organization to Scale Leadership And how they will help you overcome self-doubt, communicate confidently, and build careers that serve your life—not consume it. Segment Resources: Teach to Sell Book: https://www.teachtosellbook.com/ No Broke Months Podcast: https://podcasts.apple.com/us/podcast/no-broke-months-for-salespeople/id1527318879 The Agentic SOC: Autonomous AI Analysts at Machine Speed SOC teams are overwhelmed with the sheer number of alerts and have historically been reactive. Edward will discuss how Dropzone's Agentic SOC deploys autonomous AI agents that investigate every alert, respond to emerging threats, and proactively hunt attackers - without a human bottleneck. He'll explain how agent collaboration, deep recursive investigations, and self-agency expand SOC capacity by 10x without additional headcount. This segment is sponsored by Dropzone AI. Visit https://securityweekly.com/dropzonersac to learn more about them! Browser in the AI Era: Apply Controls Where the Work Happens The browser has become the primary gateway to work, data, and AI. In this episode, we talk about why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. We'll cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft. Visit https://securityweekly.com/microsoftrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-446

As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you're closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the board, we are selling. How can influence help? Dan Rochon, Author of Teach to Sell, joins Business Security Weekly to discuss psychology of influence, personal transformation, and how to build trust that converts. Dan will cover the four pillars from his book: Believe (in Yourself) Find Business Build an Organization to Scale Leadership And how they will help you overcome self-doubt, communicate confidently, and build careers that serve your life—not consume it. Segment Resources: Teach to Sell Book: https://www.teachtosellbook.com/ No Broke Months Podcast: https://podcasts.apple.com/us/podcast/no-broke-months-for-salespeople/id1527318879 The Agentic SOC: Autonomous AI Analysts at Machine Speed SOC teams are overwhelmed with the sheer number of alerts and have historically been reactive. Edward will discuss how Dropzone's Agentic SOC deploys autonomous AI agents that investigate every alert, respond to emerging threats, and proactively hunt attackers - without a human bottleneck. He'll explain how agent collaboration, deep recursive investigations, and self-agency expand SOC capacity by 10x without additional headcount. This segment is sponsored by Dropzone AI. Visit https://securityweekly.com/dropzonersac to learn more about them! Browser in the AI Era: Apply Controls Where the Work Happens The browser has become the primary gateway to work, data, and AI. In this episode, we talk about why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. We'll cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft. Visit https://securityweekly.com/microsoftrsac to learn more about them! Show Notes: https://securityweekly.com/bsw-446

As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you're closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the board, we are selling. How can influence help? Dan Rochon, Author of Teach to Sell, joins Business Security Weekly to discuss psychology of influence, personal transformation, and how to build trust that converts. Dan will cover the four pillars from his book: Believe (in Yourself) Find Business Build an Organization to Scale Leadership And how they will help you overcome self-doubt, communicate confidently, and build careers that serve your life—not consume it. Segment Resources: Teach to Sell Book: https://www.teachtosellbook.com/ No Broke Months Podcast: https://podcasts.apple.com/us/podcast/no-broke-months-for-salespeople/id1527318879 The Agentic SOC: Autonomous AI Analysts at Machine Speed SOC teams are overwhelmed with the sheer number of alerts and have historically been reactive. Edward will discuss how Dropzone's Agentic SOC deploys autonomous AI agents that investigate every alert, respond to emerging threats, and proactively hunt attackers - without a human bottleneck. He'll explain how agent collaboration, deep recursive investigations, and self-agency expand SOC capacity by 10x without additional headcount. This segment is sponsored by Dropzone AI. Visit https://securityweekly.com/dropzonersac to learn more about them! Browser in the AI Era: Apply Controls Where the Work Happens The browser has become the primary gateway to work, data, and AI. In this episode, we talk about why security and IT teams are rethinking the role of the browser and what sets Edge for Business apart as a secure, enterprise-ready solution. We'll cover how built-in security, native integration with existing IT tools, and centralized management can simplify operations, reduce risk, and support modern work across managed devices, BYOD, and contractors. A must listen for IT pros and security experts navigating browser sprawl and AI adoption. This segment is sponsored by Microsoft. Visit https://securityweekly.com/microsoftrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-446

Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will need security programs that are equally autonomous, coordinated and continuous. But where do you start? Mark Hughes, Global Managing Partner, Cybersecurity Services at IBM, joins Business Security Weekly to discuss autonomous security, the next frontier of cybersecurity services. IBM recently announced IBM Autonomous Security, a separate service that uses AI agents to analyze software exposures and runtime environments. Mark will discuss the fears and hype of AI and how agentic AI agents can identify paths in an enterprise security environment that can be exploited, improve cyber hygiene, and enforce security policies. As frontier models, like Mythos, accelerate attacks, security programs need to respond with speed, at scale, to drive the right business outcomes. AI Agents for Vulnerability Management Introducing Quantro Security, Inc., a new agentic AI solution bringing AI agents to vulnerability management. The company is focused on applying agentic AI to help address modern security challenges. In this interview, we'll learn more about Quantro Security, Inc., its approach, and what this new solution means for the future of vulnerability management. This segment is sponsored by Quantro Security. Visit https://securityweekly.com/quantrorsac to learn more about them! The Guardrails are Gone: The Onus for AI Security Is On the Enterprise AI model providers are increasingly stepping back from enforcing guardrails, putting the responsibility for AI security squarely on enterprises. But most organizations don't yet have the visibility to meet that responsibility, facing a blind spot across the broader ecosystem of AI systems already operating in their environments. Closing that gap requires unified visibility across both AI systems and the cryptographic infrastructure they touch, so security teams can assess risk and act on it in one place. Visit https://securityweekly.com/sandboxaqrsac to discover how enterprises are taking control of their AI security with AQtive Guard AI-SPM by SandboxAQ. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-445

In this episode, host Kim Coombes is joined by security experts John Chirillo and Rob Di Girolamo, along with Microsoft Security expert Robin Camirand, to unpack the most important insights from the RSAC 2026 Conference. The discussion covers the rapid rise of Agentic AI security, the need to defend at machine speed, and the industry's shift toward active defense as traditional response models struggle to keep up. The team also explores the growing importance of post-quantum cryptography as organizations prepare for the next phase of cryptographic risk. Throughout the conversation, the panel reflects on RSAC's defining theme, the “power of community,” and why collective defense is essential as threats become faster, more automated, and more complex. Whether you're tracking AI-driven risks, planning for quantum readiness, or looking for clear takeaways from RSAC 2026, this episode delivers practical insights from experienced security leaders. Moderator: Kimberlee Coombes, Security Solution Architect, Connection Guest: John Chirillo, Principal Security Architect, Connection Guest: Rob Di Girolamo, Senior Security Architect, Connection Guest: Robin Camirand, Inside Solution Architect and Microsoft Security SME, Connection   Show Notes 00:00 Introduction to RSAC 2026 Trends 02:43 AI as a Tool and Threat in Cybersecurity 05:22 Microsoft's Perspective on Identity and Security 08:27 AI as a New Attack Surface 10:58 The Future of Security Operations and SOC 13:31 AI-Driven Attacks and Vulnerability Management 16:17 Quantum Security: A Growing Concern 18:51 Final Thoughts and Future Considerations

Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will need security programs that are equally autonomous, coordinated and continuous. But where do you start? Mark Hughes, Global Managing Partner, Cybersecurity Services at IBM, joins Business Security Weekly to discuss autonomous security, the next frontier of cybersecurity services. IBM recently announced IBM Autonomous Security, a separate service that uses AI agents to analyze software exposures and runtime environments. Mark will discuss the fears and hype of AI and how agentic AI agents can identify paths in an enterprise security environment that can be exploited, improve cyber hygiene, and enforce security policies. As frontier models, like Mythos, accelerate attacks, security programs need to respond with speed, at scale, to drive the right business outcomes. AI Agents for Vulnerability Management Introducing Quantro Security, Inc., a new agentic AI solution bringing AI agents to vulnerability management. The company is focused on applying agentic AI to help address modern security challenges. In this interview, we'll learn more about Quantro Security, Inc., its approach, and what this new solution means for the future of vulnerability management. This segment is sponsored by Quantro Security. Visit https://securityweekly.com/quantrorsac to learn more about them! The Guardrails are Gone: The Onus for AI Security Is On the Enterprise AI model providers are increasingly stepping back from enforcing guardrails, putting the responsibility for AI security squarely on enterprises. But most organizations don't yet have the visibility to meet that responsibility, facing a blind spot across the broader ecosystem of AI systems already operating in their environments. Closing that gap requires unified visibility across both AI systems and the cryptographic infrastructure they touch, so security teams can assess risk and act on it in one place. Visit https://securityweekly.com/sandboxaqrsac to discover how enterprises are taking control of their AI security with AQtive Guard AI-SPM by SandboxAQ. Show Notes: https://securityweekly.com/bsw-445

Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will need security programs that are equally autonomous, coordinated and continuous. But where do you start? Mark Hughes, Global Managing Partner, Cybersecurity Services at IBM, joins Business Security Weekly to discuss autonomous security, the next frontier of cybersecurity services. IBM recently announced IBM Autonomous Security, a separate service that uses AI agents to analyze software exposures and runtime environments. Mark will discuss the fears and hype of AI and how agentic AI agents can identify paths in an enterprise security environment that can be exploited, improve cyber hygiene, and enforce security policies. As frontier models, like Mythos, accelerate attacks, security programs need to respond with speed, at scale, to drive the right business outcomes. AI Agents for Vulnerability Management Introducing Quantro Security, Inc., a new agentic AI solution bringing AI agents to vulnerability management. The company is focused on applying agentic AI to help address modern security challenges. In this interview, we'll learn more about Quantro Security, Inc., its approach, and what this new solution means for the future of vulnerability management. This segment is sponsored by Quantro Security. Visit https://securityweekly.com/quantrorsac to learn more about them! The Guardrails are Gone: The Onus for AI Security Is On the Enterprise AI model providers are increasingly stepping back from enforcing guardrails, putting the responsibility for AI security squarely on enterprises. But most organizations don't yet have the visibility to meet that responsibility, facing a blind spot across the broader ecosystem of AI systems already operating in their environments. Closing that gap requires unified visibility across both AI systems and the cryptographic infrastructure they touch, so security teams can assess risk and act on it in one place. Visit https://securityweekly.com/sandboxaqrsac to discover how enterprises are taking control of their AI security with AQtive Guard AI-SPM by SandboxAQ. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-445

Rami Sass is the co-founder and CEO at Mend.io. In this episode, he joins host Amanda Glassner from the 2026 RSA Conference to discuss what appsec teams get wrong, including the intricacies of securing and protecting AI assets and technologies, partnering with developer teams, and more. Securing The Build is brought to you by Mend.io, the leading application security solution, helping organizations reduce application risk efficiently. To learn more about our sponsor, visit https://mend.io.

In this episode of the Campus Technology Insider Podcast, Campus Technology Editor-in-Chief Rhea Kelly hosts Ed Skoudis, president of the SANS Technology Institute, to discuss how AI is reshaping cybersecurity and what it means for higher education. Skoudis says AI is now driving all five top emerging attack trends highlighted in SANS's RSAC keynote: increased zero-day exploits, expanded supply-chain risk, growing complexity in operational technology attacks, risks of irresponsible AI use in digital forensics and incident response, and the need to use AI defensively to keep pace with attackers' speed. He explains why higher ed is harder to defend due to diverse, open, cutting-edge environments and constrained budgets, and he recommends accelerated patching, AI-assisted incident response, rapid decision-making teams, frequent tabletop exercises, threat intelligence monitoring, and flexible AI workflows that can swap models as tools change. 00:00 Welcome and Guest Intro 00:29 Ed Skoudis Background 01:00 Steampunk Office Tour 02:24 Antiques Meet IoT 03:25 AI Drives Attack Trends 05:01 Higher Ed Under Fire 05:49 Five AI Shaped Attacks 09:51 Lessons from Finance 12:05 Speeding Up Response 15:32 Training for AI Defense 18:00 AI Toolkit and Model Flexibility 22:01 Budget Priorities Patching First 25:39 Crystal Ball Rough Years Ahead 29:53 Zero Vulnerabilities Vision 31:22 Prepare with AI Strategy 34:16 Closing and Where to Listen Resource links: SANS Technology Institute SANS Institute's Top 5 Most Dangerous New Attack Techniques SANS free cybersecurity resources Internet Storm Center Music: Mixkit Duration: 35 minutes Transcript (coming soon)

Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-456

Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-456

Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Show Notes: https://securityweekly.com/esw-456

The floor at RSAC Conference 2026 had one dominant frequency, and it was not subtle. Every booth, every hallway, every late-night conversation kept circling back to the same question: how do enterprises adopt AI agents without losing control of them? In a post-conference follow-up, Itamar Apelblat, Co-Founder and CEO of Token Security, translates what he heard on the ground into what the data now confirms. Token Security arrived at RSAC with a fresh set of findings, produced in collaboration with the Cloud Security Alliance and released alongside the event. The report, Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises, puts numbers to what practitioners already suspected: 65 percent of organizations have experienced an AI agent-related incident in the past twelve months, and 82 percent discovered agents running in their environment that no one had authorized. Only 21 percent have a formal process for decommissioning agents — a gap Itamar Apelblat flags as a low-hanging attack path. The short version from the conversation: visibility is the starting line, not the finish line, and the path from discovery to intent-based enforcement is where most programs are stuck. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Itamar Apelblat, Co-Founder and CEO, Token Security | https://www.linkedin.com/in/itamar-apelblat/ RESOURCES Learn more about Token Security: https://www.token.security/ Download the CSA + Token Security Report — Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises: https://cloudsecurityalliance.org/artifacts/autonomous-but-not-controlled-ai-agent-incidents-now-common-in-enterprises Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Itamar Apelblat, Token Security, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, AI agents, agentic AI, non-human identity, identity security, shadow AI, CSA report, Cloud Security Alliance, intent-based access, AI agent governance, agent decommissioning, RSAC Conference 2026 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This week: Larry's in the host seat and chaos ensues. We dig into: A very questionable story about tracking a warship with a $5 Bluetooth tracker Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes New York regulators mandating MFA and asset inventory—aka CIS Control #1 is now breaking news A ransomware negotiator who decided to double-dip (and landed in prison) “Brand new” hard drives that come preloaded… with someone else's data The Vercel breach: no zero-day, just shadow IT, stolen tokens, and bad decisions AI-driven vulnerability discovery and the looming “vulnpocalypse” Quantum crypto debates: real threat or just another security boogeyman? Mirai is STILL alive—because apparently we still don't patch routers And yes… Flipper Zero makes an appearance (no, you're not hacking airplanes… calm down) Then, we rebroadcast an interview from RSAC. Breach Readiness for Measurable Risk Reduction in the Age of AI Cyber leaders no longer debate whether a breach will occur. What has changed is the speed and scale at which AI now enables those breaches. The real question is how far an attacker can move once inside. In this conversation, Rajesh Khazanchi explores why breach readiness, including AI-assisted containment, measurable blast radius reduction, and pervasive microsegmentation, has become mission-critical for business continuity in 2026. This segment is sponsored by ColorTokens. Visit https://securityweekly.com/colortokensrsac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-923

The Cybercrime Magazine team attended RSAC 2026. In this episode, Amanda Glassner, Deputy Editor, and Sam White, Video Editor, join host Paul John Spaulding to discuss this year's highlights, including the many projects completed, prizes won, and more. The Cybercrime Magazine Update covers the latest projects and developments at Cybercrime Magazine. For more on cybersecurity, visit us at https://cybersecurityventures.com

This week: Larry's in the host seat and chaos ensues. We dig into: A very questionable story about tracking a warship with a $5 Bluetooth tracker Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes New York regulators mandating MFA and asset inventory—aka CIS Control #1 is now breaking news A ransomware negotiator who decided to double-dip (and landed in prison) "Brand new" hard drives that come preloaded… with someone else's data The Vercel breach: no zero-day, just shadow IT, stolen tokens, and bad decisions AI-driven vulnerability discovery and the looming "vulnpocalypse" Quantum crypto debates: real threat or just another security boogeyman? Mirai is STILL alive—because apparently we still don't patch routers And yes… Flipper Zero makes an appearance (no, you're not hacking airplanes… calm down) Then, we rebroadcast an interview from RSAC. Breach Readiness for Measurable Risk Reduction in the Age of AI Cyber leaders no longer debate whether a breach will occur. What has changed is the speed and scale at which AI now enables those breaches. The real question is how far an attacker can move once inside. In this conversation, Rajesh Khazanchi explores why breach readiness, including AI-assisted containment, measurable blast radius reduction, and pervasive microsegmentation, has become mission-critical for business continuity in 2026. This segment is sponsored by ColorTokens. Visit https://securityweekly.com/colortokensrsac to learn more about them! Show Notes: https://securityweekly.com/psw-923

Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to rethink cyber literacy. Craig Taylor, CEO and Co-founder at CyberHoot, joins Business Security Weekly to discuss why we need to shift our Cyber Literacy industry from shame and punishment towards gamification, positive reinforcement, and small rewards. If we truly aspire to change behaviors, then we need a different approach. Craig will discuss how a multi-disciplinary approach rooted in science is the future of training and phishing programs. Segment Resources: Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/ Newsletter Registration: https://cyberhoot.com/newsletters/ Blog Articles: https://cyberhoot.com/blog/ Cybrary (Library of 1000+ Cybersecurity Terms in non-technical language): https://cyberhoot.com/cybrary/ Special Podcast Offer: 20% off CyberHoot for 1 year using the podcast's unique coupon code: "Business Security Weekly" From Reactive to Autonomous: Real-Time Endpoint Intelligence in the Age of AI As organizations experiment with agentic AI and autonomous security operations, many are discovering a difficult reality: AI is only as effective as the data and visibility behind it. Yet most enterprises still struggle to answer basic questions about their endpoints in real time. In this conversation, we'll explore how IT and security teams are evolving from reactive operations toward proactive, preventative, and ultimately autonomous models. The journey begins with real-time endpoint intelligence—the ability to see, understand, and act across every endpoint in seconds. This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumrsac to learn more about them! Hard Truths: The Lies We Keep Buying in Cybersecurity Cybersecurity isn't broken because of a lack of technology—it's broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure‑all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won't just impact the business, it could end a career. For more information about Illumio, please visit: https://securityweekly.com/illumiorsac Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-444

Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to rethink cyber literacy. Craig Taylor, CEO and Co-founder at CyberHoot, joins Business Security Weekly to discuss why we need to shift our Cyber Literacy industry from shame and punishment towards gamification, positive reinforcement, and small rewards. If we truly aspire to change behaviors, then we need a different approach. Craig will discuss how a multi-disciplinary approach rooted in science is the future of training and phishing programs. Segment Resources: Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/ Newsletter Registration: https://cyberhoot.com/newsletters/ Blog Articles: https://cyberhoot.com/blog/ Cybrary (Library of 1000+ Cybersecurity Terms in non-technical language): https://cyberhoot.com/cybrary/ Special Podcast Offer: 20% off CyberHoot for 1 year using the podcast's unique coupon code: "Business Security Weekly" From Reactive to Autonomous: Real-Time Endpoint Intelligence in the Age of AI As organizations experiment with agentic AI and autonomous security operations, many are discovering a difficult reality: AI is only as effective as the data and visibility behind it. Yet most enterprises still struggle to answer basic questions about their endpoints in real time. In this conversation, we'll explore how IT and security teams are evolving from reactive operations toward proactive, preventative, and ultimately autonomous models. The journey begins with real-time endpoint intelligence—the ability to see, understand, and act across every endpoint in seconds. This segment is sponsored by Tanium. Visit https://securityweekly.com/taniumrsac to learn more about them! Hard Truths: The Lies We Keep Buying in Cybersecurity Cybersecurity isn't broken because of a lack of technology—it's broken because the industry avoids hard truths. Fear still drives budgets. AI is oversold as a cure‑all while foundations remain weak, and CISOs are held accountable without the authority to change outcomes. In this conversation, Illumio CEO and founder Andrew Rubin breaks down what must change to build real resilience—because the next breach won't just impact the business, it could end a career. For more information about Illumio, please visit: https://securityweekly.com/illumiorsac Show Notes: https://securityweekly.com/bsw-444

RSAC Conference 2026 is in the books, and the post-event read is familiar. More vendors, more AI-driven marketing, more noise, and a buyer-side audience that increasingly cannot tell who to trust. Michael Parisi, Chief Growth Officer at Steel Patriot Partners, joins ITSPmagazine for a quick post-event catch-up on what he walked away with, and what is quietly shifting underneath all that volume. The headline takeaway is what Michael Parisi calls the "fog of more." Marketing has done its job too well. CISOs and business leaders facing real decisions cannot tell competing solutions apart, do not know where to start, and are not sure their current stack is even the right one. Too much information has become its own information problem. What is shifting, according to Michael Parisi, is where the meaningful conversations actually happen. Closed-door, hallway, and dinner conversations have always existed at RSAC Conference, but more people are now openly recognizing that this is where the real industry decisions get made. That recognition is changing how teams plan to engage with future conferences and industry events. For Steel Patriot Partners, which describes itself as business owners first, engineers second, and security and compliance practitioners third, that is exactly the conversation they want to be in. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Michael Parisi, Chief Growth Officer, Steel Patriot Partners | https://www.linkedin.com/in/michael-parisi-4009b2261/ RESOURCES Learn more about Steel Patriot Partners: https://www.steelpatriotpartners.com Steel Patriot Partners Assistance Center: https://www.steelpatriotpartners.com View all of our RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac26 Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Michael Parisi, Steel Patriot Partners, Marco Ciappelli, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, RSAC Conference 2026, RSAC, cybersecurity compliance, fog of more, vendor noise, CISO, GRC, cybersecurity advisory, FedRAMP, CMMC, HITRUST, AI security marketing, hallway conversations, post RSAC Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Rami Sass is the co-founder and CEO at Mend.io. In this episode, he joins host Amanda Glassner from the 2026 RSA Conference to discuss AI's impact on the appsec threat model, including how models and agents are less predictable, the unintentional results of these systems, and more. Securing The Build is brought to you by Mend.io, the leading application security solution, helping organizations reduce application risk efficiently. To learn more about our sponsor, visit https://mend.io.

Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures. Segment Resources: https://www.proarch.com/ Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise RSAC Exec Interviews, Part 1 Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond. This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them! X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac. RSAC Exec Interviews, Part 2 Introducing Legion Investigator: Goal-Oriented AI Investigations Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them! The Missing Layer in Zero Trust: The Security Policy Control Plane Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-455

Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures. Segment Resources: https://www.proarch.com/ Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise RSAC Exec Interviews, Part 1 Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond. This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them! X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac. RSAC Exec Interviews, Part 2 Introducing Legion Investigator: Goal-Oriented AI Investigations Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them! The Missing Layer in Zero Trust: The Security Policy Control Plane Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-455

Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures. Segment Resources: https://www.proarch.com/ Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise RSAC Exec Interviews, Part 1 Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond. This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them! X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac. RSAC Exec Interviews, Part 2 Introducing Legion Investigator: Goal-Oriented AI Investigations Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them! The Missing Layer in Zero Trust: The Security Policy Control Plane Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them! Show Notes: https://securityweekly.com/esw-455

This was my twelfth RSA Conference. I know that because I remember the first one, 2012, and I've been counting ever since — not out of habit, but because each year feels like a chapter in a longer story I'm trying to read in real time. Twelve years of standing in that same building in San Francisco, watching an industry evolve, stumble, reinvent itself, and occasionally look in the mirror. In the early years it was pure technology. Cryptography, protocols, threat vectors, the architecture of defense. The conversations were technical, the energy was almost academic, the suits were slightly more formal. Then something shifted — gradually, then all at once, the way things usually do. The industry started talking about people. About culture. About the human beings sitting behind the keyboards and the very human mistakes they were making. The themes started reflecting it: community, togetherness, collective defense. Stronger Together. The Human Element. The Power of Community. Year after year, the message from the main stage was some variation of: we are more than our tools. People are what matter. Connection is the point. And then you'd walk the expo floor and see the booths. I'm not being cynical. The community is real — I've felt it, in the hallway conversations, in the side events, in the faces of people I've been running into for a decade who are genuinely trying to make the digital world safer. That part is true and it matters. But there's a growing gap between what the theme says and what the stage performs. And at RSAC 2026, that gap became impossible to ignore. Because this year, while the badge said The Power of Community, the keynotes were almost entirely about agents. Non-human ones. I wrote about this from a different angle in my first piece from RSAC — the Blade Runner angle, the NPC angle, the question of identity and intent when you can no longer tell the difference between a human action and an autonomous one. But there's another layer underneath that deserves its own space. It's the pattern. The twelve-year arc. An industry spends years — genuinely, sincerely — rediscovering the human element. Putting people at the center. Building a vocabulary around community, ethics, shared responsibility. And then, in what feels like a single conference cycle, it pivots to deploying a parallel workforce of non-human identities that outnumber us in our own systems, operate at speeds no human can follow, take actions no human directly authorized, and — here's the part that should make everyone pause — that a significant portion of organizations deploying them cannot monitor, cannot fully distinguish from human activity, and in many cases cannot stop once they're running. We built the community. Then we populated it with agents and handed them the keys. I kept thinking, walking those corridors, about the resistance. Not as a metaphor — or not only as a metaphor. In every story we've ever told about machines that gained too much autonomy, there's always a moment before the crisis where someone in the room knew. Where the warning existed. Where the design decision was made anyway because the pressure to ship, to scale, to compete was stronger than the instinct to pause. The difference between those stories and this moment is that we're not watching it happen to fictional characters. We're the ones making the design decisions. And unlike software — which you can patch, roll back, update at 3am while everyone is asleep — agents with autonomy and access are a different category of thing entirely. The old mantra of move fast and break things made a certain kind of sense when what you were breaking was a feature. It makes no sense at all when what you're deploying can act, chain consequences, and escalate — faster than any human response team can follow. This is where Asimov becomes relevant again. Not as nostalgia, not as science fiction trivia, but as a genuine design philosophy that the industry would do well to remember. His Three Laws of Robotics weren't invented as a plot device. They were a thought experiment in ethics-by-architecture — what does it look like to build the values into the system before the system runs, rather than hoping to correct the values after something goes wrong? He spent decades of stories showing that even the most carefully designed ethical constraints produce edge cases, contradictions, unintended consequences. But the point was never that ethics-by-design is perfect. The point was that without it, you don't have a fighting chance. We are, right now, at the moment before the laws get written. Some people at RSAC were saying this clearly — not from the main stage, but in the rooms and conversations where the more honest thinking tends to happen. The guardrails exist. The frameworks are being built. But they're being built while the deployment is already running, while the agents are already in the systems, while the governance structures are catching up to a reality that moved faster than the institutional response. That gap is the real story of RSAC 2026. Not the products. Not the keynote soundbites. The gap between the speed of deployment and the maturity of the thinking around what we're actually deploying. The community theme was right, actually — just not in the way the branding intended. The most important community at RSAC 2026 wasn't on the main stage. It was the quieter one: the engineers, researchers, practitioners, and security leaders who understand that we are at an inflection point, and that the decisions made in the next few years about how to design, govern, and constrain autonomous systems will matter far beyond the conference floor in San Francisco. Utopia and dystopia are not predetermined destinations. They're design outcomes. We still get to choose the architecture. But the window for making that choice thoughtfully — rather than reactively, in the middle of a crisis that moved faster than our guardrails — is not as wide as we might like to think. Asimov knew that. He wrote the laws before the robots ran. Maybe it's time we did the same. Stay imperfect, stay human. — Marco Let's keep exploring what it means to be human in this Hybrid Analog Digital Age. End of transmission. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing spectacle, and industry tension as AI becomes the new "cool kid." They discuss the surge of autonomous agents, including OpenClaw-style experimentation leading to stolen tokens and the ease of social-engineering LLMs, plus legal and brand risks of chatbots after the Air Canada precedent. The panel debates Anthropic's source-code leak and "Mythos" messaging, while acknowledging AI tools are finding real zero-days amid massive technical debt and rising exploit speed, raising questions about liability and EU accountability. They highlight a positive case: Stryker Medical's rapid recovery after 80,000 devices were wiped via Intune settings, and note additional incidents targeting healthcare, critical infrastructure PLCs, supply-chain attacks, and longer-term impacts from major source-code thefts. Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst   00:00 Show Intro Sponsor 00:22 Panel Welcome Setup 01:56 RSAC Vibes Agentic AI 03:19 Conference Hype Booths 06:32 AI Free Fridays Skills 08:12 Marketing Hype Filters 11:38 Agent Networks Gone Wild 16:00 Social Engineering LLMs 19:45 Chatbots Liability Law 23:13 Anthropic Leak Mythos 25:17 AI Code Quality Debate 29:28 Technical Debt Bug Mining 30:40 AI Hacking Era 32:09 Paying Down Tech Debt 32:54 Software Liability Shift 34:24 AI Pen Testing Scale 37:53 Token Costs and Proof 40:08 Canary Traps and Ethics 41:26 Blast Radius Resilience 44:17 Stryker Wipe Recovery 46:52 More Attacks Recap 50:07 Fast Cheap Code Debate 53:26 War Rules and Agents 56:32 Back to Basics Close 01:00:18 Final Thanks Sponsor

Do Androids Dream of Security Patches? Reflections from RSAC 2026 — Walking the Floor of the Agentic World   Marco Ciappelli Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly |

In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a grave digger in the booth. In this episode, Ron sits down with Don to discuss what Torq is actually doing in a category packed with 60 near-identical vendors, and why "the epidemic of sameness" is the real threat to every cybersecurity brand right now. Don explains why Torq builds everything in-house, why he starts every strategy by listening instead of pitching the product, and why the only differentiator left in cyber marketing is how much you genuinely care. It's a conversation about brand, but it's really a conversation about trust, community, and what it takes to make a CISO text you back.   Impactful Moments 00:00 - Introduction 03:50 - How Don landed at Torq 06:09 - What the Torq brand stands for 07:41 - Giving cybersecurity pros their flowers 09:09 - Cookie-cutter booths, cookie-cutter brands 12:00 - Why Torq built everything in-house 15:34 - Start with listening, not the product 18:13 - "We have to out-care the other teams" 21:45 - Nobody buys because of a monster truck 24:06 - Welcome to the experience age 28:30 - Entertain them or lose them Links Connect with our guest, Don Jeter, on LinkedIn: https://www.linkedin.com/in/donjeter/  Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, joins Business Security Weekly to discuss why not all CISO gigs are created equal. As a "technical" CISO in a foreign country, Joanna realized that not all of her peers came from a technical background, like herself. It's a broad world and the CISO role varies a lot. Joanna will discuss how to understand the various CISO roles and discuss the skills that are makers and breakers. Managing Cyber Risk as Financially Motivated Attacks Grow The ransomware and eCrime landscape continue to evolve at a rapid pace. ESET's global research team has been closely following ransomware gang disruptions and their use of EDR Killers to disable cybersecurity tools. In this interview, Tony Anscombe will take a look into recent research, and explore how the industry and businesses are responding to combat financial risk and mitigate threats. This segment is sponsored by ESET. Visit https://securityweekly.com/esetrsac to learn more about them! Attack Surface Just Got a Copilot AI adoption is accelerating faster than most organizations can secure it — and the consequences are showing up in email inboxes, collaboration platforms, and the shadow tools employees use every day. According to Mimecast's State of Human Risk 2026, 80% of organizations are concerned about sensitive data exposure through generative AI tools, yet 60% still lack strategies to address AI-driven threats. The result is a growing gap between the security investments organizations are making and the protection they're actually getting. In this conversation, Rob Juncker will explore why human behavior has become the defining variable in enterprise cybersecurity, how shadow AI is creating new data exposure and insider risk vectors, and what it takes for security architectures to adapt in real time — without slowing down the business. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastrsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-443

If you walked RSAC Conference 2026 expecting incremental updates, you left with something very different. Thyaga Vasudevan, EVP, Product at Skyhigh Security, describes this year as unlike any prior conference -- not because of a single announcement, but because the customers asking how to secure agentic AI were the same customers already building and deploying it. The urgency was real, immediate, and universal across organization sizes. The defining theme was agentic security. Vasudevan frames it around three core questions every security team now needs to answer: who is acting (agent identity), what are they accessing (data and APIs), and what are they trying to do (actions and permissions). The ChatGPT launch in November 2022 marked a generational shift -- and at RSAC 2026, Skyhigh Security observed that the industry had moved decisively from data-in and data-out protection to governing the actions of autonomous agents themselves. Data sovereignty was the other major conversation thread, driven by geopolitical realities and tightening regional data regulations. Vasudevan spoke with CISOs from financial services, healthcare, public sector, and not-for-profit organizations, each with different infrastructure approaches -- from on-prem data centers to sovereign clouds to full cloud deployments -- but all navigating the same fundamental challenge. DSPM and hybrid architectures are no longer optional for global enterprises. And quietly but significantly, browser security emerged as a front-and-center priority, reflecting the browser's growing role as a primary cloud endpoint. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Thyaga Vasudevan, EVP, Product, Skyhigh Security LinkedIn: https://www.linkedin.com/in/thyaga12/ RESOURCES Skyhigh Security: https://www.skyhighsecurity.com RSAC Conference 2026 Coverage: https://itspmagazine.com/rsac26 Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Thyaga Vasudevan, Skyhigh Security, Sean Martin, Marco Ciappelli, brand story, brand marketing, marketing podcast, brand highlight, agentic AI security, data sovereignty, SSE, Security Service Edge, DSPM, zero trust, browser security, cloud security, RSAC Conference 2026, RSAC 2026, AI agent security, MCP security Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Anthony Cusimano, Director of Solutions Marketing at Object First, joined Sean Martin and Marco Ciappelli for a post-RSAC Conference 2026 recap -- and his observations from the show floor offer a window into how the security industry is evolving. One of the most telling details came from just outside the Moscone Center, where a company had set up an AI-free zone: a place for attendees to catch their breath from the wall-to-wall AI messaging dominating the event. That detail points to something bigger. The AI hype cycle that peaked over the past two years is giving way to a more demanding audience. At RSAC Conference 2026, Cusimano heard a different kind of question: not whether a company uses AI, but whether it uses it responsibly -- and whether zero trust principles are baked in. The novelty is gone; accountability is what the floor was asking for. For Object First, the shift in booth conversations has been even more meaningful. The question that used to greet them -- why is a backup storage company at a security conference? -- has been replaced by relief that they are there at all. Organizations now understand that backup and backup storage sit at the core of resilience and recovery. Cusimano described a floor full of teams thinking proactively, evaluating solutions before a crisis forces the decision. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Anthony Cusimano, Director of Solutions Marketing, Object First LinkedIn: https://www.linkedin.com/in/anthonycusimano89/ RESOURCES Object First website: https://objectfirst.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Anthony Cusimano, Object First, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, immutable backup storage, ransomware protection, Ootbi, Veeam backup, zero trust, data resilience, RSAC Conference 2026, cybersecurity, backup security, data recovery, edge security, fleet manager Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Segment 1: We cover the weekly enterprise news! Segment 2: RSAC interviews from ArmorCode and Filigran ArmorCode: AI Exposure Management and Governing Shadow AI AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer workflows, agents and MCP servers, security leaders must enable innovation without losing control over risk, accountability and oversight. In this segment, ArmorCode will discuss its new AI Exposure Management (AIEM) solution, as part of the ArmorCode Agentic AI Platform. ArmorCode will highlight how AIEM gives enterprises clearer visibility into where AI is being used, who owns it and the potential risks it introduces across heterogeneous environments. By turning AI usage and signals from existing security and IT systems into governed, auditable outcomes, AIEM helps organizations reduce shadow AI risk, assign accountability and accelerate AI adoption with stronger control and board-ready governance. ArmorCode will also share findings from its new 2026 State of AI Risk Management report, developed in partnership with The Purple Book Community and based on responses from more than 650 enterprise security leaders. The discussion will connect ArmorCode's latest product innovation to the broader industry need for scalable, enterprise-ready AI risk governance. ArmorCode AI Exposure Management is available now as a solution deployed on the ArmorCode Agentic AI Platform. To learn more, visit https://securityweekly.com/armorcodersac. Beyond IOCs: A Framework for High-Impact Cyber Threat Intelligence In a time where the ability to turn intelligence into decisive action is a true competitive advantage, organizations must move beyond reactive alert triage to a proactive, threat-informed defense. This segment explores how unifying threat intelligence with adversarial attack simulation enables a Continuous Threat Exposure Management (CTEM) framework that replaces hype with measurable outcomes. We will discuss why these are no longer just technical security conversations, but critical business strategies that provide the board and C-suite with the clarity and confidence to reduce risk and focus resources where they matter most. This segment is sponsored by Filigran. Visit https://securityweekly.com/filigranrsac to learn more about them! Segment 3: RSAC interviews with Sekioa and Fortra Agentic AI: Don't Make Your SOC Faster at Being Wrong Adding AI agents to an unprepared SOC doesn't make it smarter; it just makes it "faster at being wrong." Georges Bossert challenges the industry hype to explain why true autonomy relies on reliable context and structured runbooks, not just prompts. He will discuss how to build the necessary foundations to automate rapidly without losing control. This segment is sponsored by Sekoia.io. Visit https://securityweekly.com/sekoiarsac to discover their AI SOC Platform! Scripted Sparrow: A Prolific BEC Group In December, Fortra Intelligence and Research Experts (FIRE) released a major report exposing Scripted Sparrow, one of the most active Business Email Compromise (BEC) collectives operating today. The group sends an estimated 6 million highly targeted scam emails each month, impersonating executive coaching firms and leveraging spoofed reply chains, missing attachment lures, and evolving multilingual campaigns. FIRE's investigation links the collective to 119 domains, 245 webmail accounts, and 256 bank accounts, with members operating across three continents and continually refining their fraud techniques at scale. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-454

The Treasury Secretary and Fed Chair summon bankers over AI concerns. A hacker claims more than 10 petabytes stolen from China's National Supercomputing Center. Recalibrating the quantum timeline. Researchers demo prompt injection against Apple Intelligence. Payroll Pirates target Canadians. Gmail gets end-to-end encryption on mobile devices. A Chrome update fixes critical vulnerabilities. A Pennsylvania cop admits creating more than 3,000 AI-generated pornographic deepfakes. Our guest is Henry Comfort, Co-Founder and CEO of Geordie AI, winner of this year's RSAC Innovation Sandbox.  FCC floats firmer filters for fraudulent phone calls. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Dave shares coverage of the RSAC 2026 Innovation Sandbox and his conversation with Henry Comfort, Co-Founder and CEO  from the winner of “Most Innovative Startup” Geordie AI. We tip our hats to this year's finalists. Selected Reading Bessent and Powell's A.I. Anxiety  (The New York Times) Court Backs Pentagon Anthropic Ban - But the Fight Continues (GovInfo Security) A hacker has allegedly breached one of China's supercomputers and is attempting to sell a trove of stolen data (CNN) Why is the timeline to quantum-proof everything constantly shrinking? (CyberScoop) Microsoft: Canadian employees targeted in payroll pirate attacks (Bleeping Computer) Google rolls out Gmail end-to-end encryption on mobile devices (Bleeping Computer) Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000  (SecurityWeek) Police corporal created AI porn from driver's license pics (Ars Technica) FCC proposes new rule to further crackdown on illegal robocalls (The Record) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A fake WhatsApp spreads spyware. The State Department pushes embassies to counter influence ops. Cisco patches critical bugs. CrystalRAT hits Telegram. A Texas hospital breach affects 250,000. HHS reshuffles IT oversight. China-linked spies target Europe. EvilTokens hijacks Microsoft accounts. Ransomware hits a North Dakota water plant. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk. Tales of a tortoise's termination have been greatly exaggerated.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sumedh Thakar, President and CEO of Qualys, discusses how cybersecurity is shifting toward managing real business risk amid rapid technological change. If you enjoyed this interview, check out the full conversation here. Selected Reading WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker (TechCrunch) Trump Officials Try to Fight Foreign Disinformation They Once Dismissed (The New York Times) Cisco Patches Critical and High-Severity Vulnerabilities (SecurityWeek) New CrystalRAT malware adds RAT, stealer and prankware features (Bleeping Computer) 250,000 Affected by Data Breach at Nacogdoches Memorial Hospital (SecurityWeek) HHS Shuffles Internal Cyber, AI Oversight Back to CIO Office (GovInfo Security) European-Chinese geopolitical issues drive renewed cyberespionage campaign (CyberScoop) New EvilTokens service fuels Microsoft device code phishing attacks (Bleeping Computer) North Dakota water treatment plant reports March ransomware attack (The Record)  World's oldest tortoise caught in viral crypto death scam | St Helena (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran's cyber campaign continues. North Korea targets the axios NPM package. Cisco suffers a Trivy-related breach. Claude's code leak unveils broad capabilities. The DOD's zero-trust efforts are slow-going. A proposed class action suit accuses Perplexity of oversharing. Google patches another Chrome zero-day. The FBI warns against using foreign-developed mobile apps. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. A city circulates cameras to cultivate crime control.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Christy Wyatt, CEO from Absolute Security, discussing why cyber risk is now a business continuity problem. If you enjoyed this conversation, tune in here to listen to the full interview. Selected Reading Iran's hackers are on the offensive against the US and Israel (Ars Technica) Cisco Source Code and AWS Keys Stolen in Trivy Supply Chain Attack (Beyond Machines) Claude Code's source reveals extent of system access (The Register) Pentagon's Zero Trust Push Faces a 2027 Reality Check (GovInfo Security) Perplexity AI Machine Accused of Sharing Data With Meta, Google (Bloomberg) Google fixes fourth Chrome zero-day exploited in attacks in 2026 (Bleeping Computer) FBI warns against using Chinese mobile apps due to privacy risks (Bleeping Computer) North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack (Google Cloud Blog)  Silicon Valley city to give residents doorbells equipped with cameras (The Guardian) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iranian-linked hackers warn of possible “irreparable” attacks on U.S. water systems. CISA pushes urgent fixes for a critical Citrix flaw. The Dutch Finance Ministry takes systems offline after a breach. Space Force may scrap next-gen GPS control software. Attackers exploit a Fortinet server bug. Lloyds exposes customer transaction data. AI and regulation reshape cyber careers. The FTC settles with a dating app over data sharing. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discusses Iran's shift to identity weaponization. Wikipedia wrestles with a wayward writer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Sam Rubin, SVP, Palo Alto Networks Unit 42 Consulting and Threat Intelligence, discussing Iran's shift to identity weaponization. If you enjoyed this conversation, tune in here to listen to the full conversation. Selected Reading Iranian Cyberthreats Test US Infrastructure Defenses (BankInfo Security) CISA tells federal agencies to patch Citrix NetScaler bug by Thursday (The Record) Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation (Security Affairs) After 16 years and $8 billion, the military's new GPS software still doesn't work (Ars Technica) Exploitation of Critical Fortinet FortiClient EMS Flaw Begins (SecurityWeek) Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers (Infosecurity Magazine) SANS Research: The Cybersecurity Talent Shortage Narrative Is Wrong. The Real Crisis Is Skills, and AI Just Rewrote the List. (Yahoo Finance) FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party (FTC) Business Briefing (N2K Pro)  An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-linked hackers claim a breach of the FBI director's personal email. ShinyHunters hit the European Commission. F5 and Citrix warn of actively exploited flaws. A WordPress plugin exposes hundreds of thousands of sites. Infinity Stealer targets macOS users. A Russian APT adopts a new iOS exploit kit. Treasury weighs a cyber insurance backstop. DHS clears suspended CISA staff. Our guest is Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. Bureaucrats bless a black-box behemoth. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We will be sharing a series of interviews we held at RSAC 2026 over the next few weeks. Today, Dave Bittner is joined by Brian Long, CEO and Co-Founder of Adaptive Security, discussing deepfake job hires and the new identity attack surface. AI-generated identities are turning the hiring process into a new entry point for attackers. The solution isn't spotting perfect fakes — it's building stronger identity verification into hiring. Tune into the full conversation here. Selected Reading Iran-linked hackers breach FBI director's personal email, publish photos and documents European Commission confirms data breach after Europa.eu hack Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now Critical Citrix NetScaler Vulnerability Exploited in the Wild - Infosecurity Magazine File read flaw in Smart Slider plugin impacts 500K WordPress sites New Infinity Stealer malware grabs macOS data via ClickFix lures Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit - SecurityWeek US Treasury Weighs Cyber Insurance Backstop - GovInfoSecurity DHS drops investigation into former acting CISA chief's failed polygraph exam - Nextgov/FCW Federal Cyber Experts Thought Microsoft's Cloud Was “a Pile of Shit.” They Approved It Anyway Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

RSAC wraps. CISA warns shutdown furloughs are weakening cyber defenses. China-linked actors burrow into global telecom infrastructure. Iran's Pay2Key resurfaces. India probes suspected Pakistan-linked CCTV spying. Florida suspends a firm over offshore medical data exposure. Cisco patches fresh flaws. Russian police arrest the alleged LeakBase operator. Intern Kevin files his latest man-on-the street report. Google gets grabby with your homepage.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest aka Intern Kevin Intern Kevin is back from the floor at RSAC 2026. By day, he's Global Director of Cybersecurity Startups at Microsoft for Startups, but this week, Kevin Magee is trolling the floor at RSAC to get the pulse of what is really happening in and around the Moscone Center. Kevin chats with Ann Johnson, Corporate Vice President and Executive Security Advisor at Microsoft, David Shipley, Chief Executive Officer and Field CISO at Beauceron Security , and Dr. Jessica Barker and FC, Co-Founders and Co-CEOs at Cygenta. Selected Reading RSAC Cryptographers' Panel Highlights AI Defense Challenges (GovInfo Security) Only Trump can decide when cyberwar turns into real war (The Register) Jen Easterly, cybersecurity's 'relentless optimist' (The Register) CISA Forced Into 'Reactive' Cyber Posture Amid Shutdown (GovInfo Security) Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure (SecurityWeek) Iran-Linked Pay2Key Ransomware Group Re-Emerges (Infosecurity Magazine) Indian government probes CCTV espionage operation linked to Pakistan (The Register) Florida Suspends Firm for Unlawfully Offshoring Claims Data (GovInfo Security) Cisco Patches Multiple Vulnerabilities in IOS Software (SecurityWeek) Russia arrests suspected owner of LeakBase cybercrime forum (Bleeping Computer) Google Just Patented The End Of Your Website (Forbes) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.  Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices