Podcasts about snyk

O lançamento do Aardvark marcou mais um passo na integração entre Application Security e Inteligência Artificial. Mas o que isso realmente significa para o futuro da segurança de software? Neste episódio, exploramos como soluções baseadas em IA estão transformando a forma como detectamos, priorizamos e corrigimos vulnerabilidades — e o que muda no papel do profissional de AppSec diante dessa automação crescente. Conversamos sobre riscos, oportunidades e limites éticos dessa evolução: da triagem automatizada à geração de código seguro, passando por frameworks que prometem “segurança autônoma”. No fim, a pergunta permanece: estamos prontos para confiar à IA a defesa das nossas aplicações?Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Conviso, Gold Security, Digitalwolk e PurpleBird Security.

In this episode, Seth and Ken debate OpenAI's Atlas browser, which embeds AI into web browsing. Ken views it as a major privacy concern, potentially accelerating invasive data collection and surveillance. Seth noted that new browsers historically have critical flaws. They acknowledged that AI is very useful for generic and technical internet searches. They discussed the Co-Fish attack, a phishing vulnerability in Microsoft Copilot Studio that could exfiltrate access tokens via a seemingly valid Microsoft URL. Finally, they noted that big companies like Snyk and Black Duck are moving toward agentic AI capabilities, confirming the industry trend.

It's State from SNYK with Eru from @Diehardknickspc, back with another Die Hard State Of Mind Episode!The Knicks fall 115-107 to the Miami Heat, and we're breaking it all down — the good, the bad, and everything in between. We take a deep dive into the team's performance, the numbers that stand out, and who showed up on the court.Jalen Brunson was my Player of the Game — we talk about his impact, his stats, and why he continues to carry this squad.We also get into the recent NBA gambling scandal, what it means for the league and the players, and wrap up with a real conversation Is Jalen Brunson a superstar?

Guy spent 2 years and $4M building Snyk to $100K ARR. Thousands of developers loved the product. They just wouldn't pay.Then he figured out the problem: he had product-user fit, but not product-buyer fit. Developers loved Snyk. Security teams (the actual buyers) didn't care about it. The distance between user and buyer was killing him.So Guy spent a year building governance features, reporting, and enterprise capabilities—all the stuff developers didn't care about but security teams needed to write checks. Four months later, Snyk hit $650K ARR. A year after that, $4.5M. Then $19M. Today it's over $300M ARR.This episode breaks down the brutal reality of PLG when your user isn't your buyer, why Guy thinks the worst outcome for a founder is getting stuck (not failing), and how he's now raising $125M for his next company Tessl.If you're building PLG, selling to enterprise, or wondering why your users love you but won't pay—this is required listening.Why You Should Listen:Learn why thousands of users loving your product means nothing if they won't payDiscover the difference between product-user fit and product-buyer fitUnderstand why the worst outcome isn't failure—it's getting stuck in the grey zoneMaster the art of anchoring in the future instead of just filling today's gapsKeywords:startup podcast, startup podcast for founders, product market fit, PLG strategy, product-user fit vs product-buyer fit, developer tools, security startup, enterprise sales, bottoms-up GTM, Snyk founderChapters:(00:00:00) Intro(00:01:37) The first start up :Blaze.io"(00:06:16) The Beginning & Concept of Skyk(00:15:27) Why use Snyk(00:23:41) The Product Led Growth for Snyk(00:33:08) Raising for Snyk(00:38:58) The Beginning & Concept of TESL(00:46:39) Raising for TESL(00:48:52) Finding PMF(00:49:26) One Piece of AdviceSend me a message to let me know what you think!

Neste episódio, exploramos o que realmente faz um programa de Bug Bounty funcionar — além dos prêmios em dinheiro. Conversamos sobre como alinhar a iniciativa às demandas de Application Security, desde o desenho das políticas até o processo de triagem dos relatórios recebidos. Discutimos como priorizar vulnerabilidades, evitar ruído e transformar descobertas da comunidade em melhorias reais de segurança. Um papo direto sobre maturidade, cultura e eficiência em programas de Bug Bounty. Quer que eu deixe a descrição mais curta para usar nas plataformas de streaming (tipo Spotify, Apple Podcasts)?Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Gold Security, Digitalwolk e PurpleBird Security.

F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up. Selected Reading F5 disclosures breach tied to nation-state threat actor (CyberScoop) CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA) ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)  PowerSchool hacker sentenced to 4 years in prison (The Record)  Cisco faces Senate scrutiny over firewall flaws (The Register) Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)  Google Careers impersonation credential phishing scam with endless variation (Sublime Security)  Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)  Qilin Ransomware announced new victims (Security Affairs)  When Face Recognition Doesn't Know Your Face Is a Face (WIRED) Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

En este episodio de El Podcast de Dynamic Devs, Jonathan González conversa con Oliver Fierro sobre el reto central de hoy: cómo asegurar el pipeline de CI/CD sin perder velocidad. Profundizan en dónde aparecen las vulnerabilidades en DevSecOps, cómo priorizar hallazgos (CVE) dentro de una plataforma interna (IDP), y el papel real de GitHub Advanced Security, Snyk y Trivy en la automatización. También exploran indicadores técnicos para medir madurez y una mirada al futuro: IA generativa y agentes que prometen pipelines auto-protegidos.

Send us a textThe enterprise software landscape in 2025 continues to evolve at a breakneck pace, marked by a surge of strategic acquisitions, partnerships, and AI-driven innovations. Acumatica's acquisition by Vista Equity Partners signals a new phase of investment and potential scaling for the mid-market ERP leader. Meanwhile, alliances like Capgemini's expanded collaboration with Mistral AI and SAP, and SAP's new partnership with Alibaba Group, underscore the growing importance of regional and AI-native synergies. On the AI front, DataRobot's open-source framework for agentic workflows and Deloitte's launch of a Global Agentic Network both highlight the race to operationalize autonomous digital workforces. Product innovation also remains intense: Snyk's AI Trust Platform, Gainsight's Atlas, and Similarweb's AI Agent collections illustrate how vendors are embedding intelligence across ecosystems. Complementing this trend, Invoca's acquisition of Symbl.ai and Salesforce's plan to acquire Informatica show how data and conversational intelligence are becoming central to customer engagement strategies. Even digital service providers like TELUS Digital are doubling down on CRM-centric growth through the acquisition of Gerent, reflecting how every layer of the enterprise stack is being redefined by AI and data infrastructure convergence.In today's episode, we invited a panel of industry analysts for a live discussion on LinkedIn to analyze current enterprise software stories. We covered many grounds including the direction and roadmaps of each enterprise software vendors. Finally, we analyzed future trends and how they might shape the enterprise software industry.Background Soundtrack: Away From You – Mauro SommFor more information on growth strategies for SMBs using ERP and digital transformation, visit our community at wbs. rocks or elevatiq.com. To ensure that you never miss an episode of the WBS podcast, subscribe on your favorite podcasting platform. 

Send us a textIn this episode of the ABM Done Right Podcast, Eric Gruber (CEO of Personal ABM) talks to Rachel Donner at Snyk about their ABM programs in relation to their customer success programs. You will hear:1. How true ABM belongs closer to sales and CS than marketing, and why the CRO and CCO should own it.2.  What true 1:1 ABM is - and how Snyk is using it to drive adoption, retention, and account expansion. 4.  The 1:1 ABM content that is needed to protect and expand accounts.  

A era quântica deixou de ser ficção científica e já começa a mexer com a segurança digital de empresas no mundo todo. No novo episódio, recebemos Leonardo Carissimi, líder de Cibersegurança e Privacidade da Capgemini Brasil, para falar sobre criptografia pós-quântica e criptoagilidade, trazendo dados e insights do estudo global “Futuro Criptografado”. Conversamos sobre como organizações brasileiras e globais estão se preparando para o “Dia Q”, quando computadores quânticos poderão quebrar a criptografia atual, e quais tendências devem moldar a cibersegurança em 2025 e além. Descubra por que 70% das empresas já planejam adotar soluções de segurança quântica, como diretrizes regulatórias estão guiando essa transição e o que você precisa saber para enfrentar os próximos desafios digitais.Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Gold Security, Digitalwolk e PurpleBird Security.

No episódio de hoje recebemos Leticia Pereira, especialista em CSIRT e Resposta a Incidentes, para discutir como equipes de Computer Security Incident Response Team podem se beneficiar de práticas de Application Security. Exploramos como integrar a visão de AppSec no dia a dia do CSIRT, quais informações os times de desenvolvimento podem fornecer para enriquecer a resposta a incidentes e como essa colaboração fortalece a resiliência organizacional frente a ataques.Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support.Apoio: Nova8, Snyk, Gold Security, Digitalwolk e PurpleBird Security.

Alex is joined by Guy Podjarny, serial entrepreneur and Founder and CEO at Tessl (and Founder of Snyk). In the episode, they discuss Guy's incredible journey from founding Snyk (valued at $8.5B at its peak) to leaving the unicorn he built to tackle the next frontier: reimagining software development for the AI era. Guy reveals why he believes software development will evolve from code-centric to spec-centric, how Tessl raised $125M to build this vision, and the lessons he's learned about scaling AI-native companies in this ‘gold rush' environment. He discusses the challenges of building for an unknown future, managing high-caliber teams, and why he's already rebuilt his product three times. Guest links: LinkedIn: https://www.linkedin.com/in/guypo/ Website: https://tessl.io/ Hear more from Guy on stage at SaaStock Europe. https://saastock-europe.com/tickets/       Check out the other ways SaaStock is helping SaaS founders move their business forward: 

Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks.  NIST has released a concept paper proposing control overlays for securing AI systems. A date with an AI chatbot ends in tragedy. Our guest is Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Dutch speed cameras are stuck in a cyber-induced siesta. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Selected Reading Plex warns users to patch security vulnerability immediately (Bleeping Computer) Cisco Discloses Critical RCE Flaw in Firewall Management Software (Infosecurity Magazine) Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products (SecurityWeek) CISA Releases Thirty-Two Industrial Control Systems Advisories (CISA.gov) Hackers Breach Canadian Government Via Microsoft Exploit (Bank Infosecurity) Compromised Government and Police Email Accounts on the Dark Web (Abnormal.AI) Telco giant Colt suffers attack, takes systems offline (The Register) Taiwan announces measures to protect hospitals from hackers (Focus Taiwan) New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework (Hack Read) A flirty Meta AI bot invited a retiree to meet. He never made it home. (Reuters) Dutch prosecution service attack keeps speed cameras offline (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode SummaryWill AI replace developers? In this episode, Snyk CTO Danny Allan chats with Michael Grinich, the founder and CEO of WorkOS, about the evolving landscape of software development in the age of AI. Michael shares a fascinating analogy, comparing the shift in software engineering to the historical evolution of music, from every family having a piano to the modern era of digital creation with tools like GarageBand. They explore the concept of "vibe coding," the future of development frameworks, and how lessons from the browser wars—specifically the advent of sandboxing—can inform how we build secure AI-driven applications.Show NotesIn this episode, Danny Allan, CTO at Snyk, is joined by Michael Grinich, Founder and CEO of WorkOS, to explore the profound impact of AI on the world of software development. Michael discusses WorkOS's mission to enhance developer joy by providing robust, enterprise-ready features like authentication, user management, and security, allowing developers to remain in a creative flow state. The conversation kicks off with the provocative question of whether AI will replace developers. Michael offers a compelling analogy, comparing the current shift to the historical evolution of music, from a time when a piano was a household staple to the modern era where tools like GarageBand and Ableton have democratized music creation. He argues that while the role of a software engineer will fundamentally change, it won't disappear; rather, it will enable more people to create software in entirely new ways.The discussion then moves into the practical and security implications of this new paradigm, including the concept of "vibe coding," where applications can be generated on the fly based on a user's description. Michael cautions that you can't "vibe code" your security infrastructure, drawing a parallel to the early, vulnerable days of web browsers before sandboxing became a standard. He predicts that a similar evolution is necessary for the AI world, requiring new frameworks with tightly defined security boundaries to contain potentially buggy, AI-generated code.Looking to the future, Michael shares his optimism for the emergence of open standards in the AI space, highlighting the collaborative development around the Model Context Protocol (MCP) by companies like Anthropic, OpenAI, Cloudflare, and Microsoft. He believes this trend toward openness, much like the open standards of the web (HTML, HTTP), will prevent a winner-take-all scenario and foster a more innovative and accessible ecosystem. The episode wraps up with a look at the incredible energy in the developer community and how the challenge of the next decade will be distributing this powerful new technology to every industry in a safe, secure, and trustworthy manner.LinksWorkOS - Your app, enterprise readyWorkOS on YouTubeMITMCP Night 2025Snyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

Are you building a sales org from scratch? Or rebuilding one in the middle of an AI boom? If so, this episode is your field guide. CJ sits down with Ethan Schechter, SVP of Global Sales and Customer Success at Qodo (and the guy who helped take Snyk from $0 to $100M+ in revenue), to talk about the wild days of early-stage sales leadership. Ethan shares how he navigates “basecamp” moments and the “smile” and “cry” days of year one. He explains his approach to hiring for a new org, building internal trust while over-communicating, designing incentive structures for the early days, trading dollars for speed through discounting, and staying competitive in the fast-changing era of AI. The episode ends with an entertaining roast of LinkedIn's cringe posts, from fake ARR math to self-given nicknames and beyond.—LINKS:Ethan Schechter on LinkedIn: https://www.linkedin.com/in/ethanschechterQodo: https://www.qodo.aiCJ on X (@cjgustafson222): https://x.com/cjgustafson222Mostly metrics: RELATED EPISODES:A CFO's Guide to Understanding Sales Teams, featuring Snyk's Ethan Schechter — —TIMESTAMPS:(00:00) Preview and Intro(02:07) Sponsor – Navan | Rillet | Pulley(06:10) Ethan's Career as an Early-Stage Sales Leader and Understanding Equity(10:04) The “Basecamp” Mindset and Restarting Strong(12:33) Building Out Your Rules of Engagement(14:25) Sponsor – Brex | Aleph | RightRev(18:45) Navigating the “Smile and Cry” Days of Year One(24:03) Ethan's Approach to Hiring for a New Org(27:38) Building Trust With Founders as a New Sales Leader(30:19) Incentives: Creating a Commission Plan for the Early Days(34:10) Why You “Can't Divide Zero”: Handling Deal Splits(35:52) Other Early-Stage-Isms or Philosophies(38:52) Discounting at an Early-Stage Company(41:17) Selling in Today's Environment: Competitive Trap-Setting(44:47) Budgets for AI Products: Experimental ARR(45:50) Monthly Deals and Decision Cycles in the Current Environment(47:33) Remaining Competitive in the Era of AI(51:08) The Lighter (and Cringier) Side of LinkedIn(1:03:01) Wrap—SPONSORS:Navan is the all-in-one travel and expense solution that helps finance teams streamline reconciliation, enforce policies automatically, and gain real-time visibility. It connects to your existing cards and makes closing the books faster and smarter. Visit https://navan.com/runthenumbers for your demo.Rillet is the AI-native ERP modern finance teams are switching to because it's faster, simpler, and 100% built for how teams operate today. See how fast your team can move. Book a demo at https://www.rillet.com/metrics.Pulley is the cap table management platform built for CFOs and finance leaders who need reliable, audit-ready data and intuitive workflows, without the hidden fees or unreliable support. Switch in as little as 5 days and get 25% off your first year: https://pulley.com/mostlymetrics.Brex offers the world's smartest corporate card on a full-stack global platform that is everything CFOs need to manage their finances on an elite level. Plus, they offer modern banking and treasury as well as intuitive expenses and accounting automation, bill pay, and travel. Find out more at https://www.brex.com/metricsAleph automates 90% of manual, error-prone busywork, so you can focus on the strategic work you were hired to do. Minimize busywork and maximize impact with the power of a web app, the flexibility of spreadsheets, and the magic of AI. Get a personalised demo at https://www.getaleph.com/runRightRev automates the revenue recognition process from end to end, gives you real-time insights, and ensures ASC 606 / IFRS 15 compliance—all while closing books faster. For RevRec that auditors actually trust, visit https://www.rightrev.com and schedule a demo.#SalesLeadership #StartupSales #SalesStrategy #SalesCompensation #discounting This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.mostlymetrics.com

Join us every Friday as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

The current phase of software development is probably the most insecure era ever — there's so much more application and code that's vulnerable, according to Snyk CEO Peter McKay. “It was a struggle for security teams to keep up with the pace of software development prior to generative AI, and now with generative and copilot and Windsurf and all the tools that are out there, you know, they're moving even faster and security is struggling to keep up.” McKay joins Bloomberg Intelligence's head of technology research, Mandeep Singh, to discuss the application of large-language models for securing the use of tools, including Cursor and Github copilots. He also talks about the addressable market for DevSecOps (the development, security and operations approach), potential automation driven by AI and Snyk's acquisitions for both talent and product features as the attack surface expands in cybersecurity.

Send us a text00:00 - Intro00:53 - Harvey Eyes $5B Primary Valuation Amid Legal AI Surge01:58 - Wealthfront Preps IPO After Strong $290M Revenue02:42 - Snyk Acquires Invariant to Secure AI Risks03:47 - PlayAI In Acquisition Talks With Meta04:46 - OpenAI and Microsoft Clash Over AGI Clause06:12 - Kalshi Hits $2B Primary Valuation Amid Legal Wins07:00 - Polymarket Nears $1B Valuation With $200M Raise07:49 - Melio Acquired by Xero at $2.5B

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com There is a whirlwind of change in federal technology. For example, Federal News Network has reported that 25% of the IRS technology staff have left. Additionally, funding has been reduced, data stores are increasing, and we are all trying to understand the impact of Artificial Intelligence. Today, we sat down with Phoebe Nerdahl and Sayed Said from SNYK. They offer solutions to address the challenges of changing technology in this environment. The approach from SNYK is to start at the beginning of the code development process, what is called a shift left. They discussed the need for a secure framework for AI adoption, leveraging Snyk's proprietary database and security research team to enhance code security. The conversation also touches on the evolving definition of AI and its integration into various applications. Snyk's AI Trust Platform aims to protect against insecure AI-generated code, emphasizing continuous security monitoring and automation. They have a vulnerability database, which enables them to review code for potential issues. Further, their platform can automate this needed remediation.

In this episode of Change Fluency, Jay Kiew speaks with Ashley Miller, Senior Manager, Global Workplace at Snyk , who draws on her career journey at Snyk, WeWork, Nike, UnderArmour, and Wayfair to provide insights into workplace experiences. They discuss the valuable skills gained from retail and hospitality, the evolution of workspaces in a hybrid environment, and the importance of creating community and connection among employees. Ashley shares her thoughts on leveraging technology to enhance the workplace experience and the need for bold moves in shaping the future of work.You can find Ashley at https://www.linkedin.com/in/ashley-miller-75607a27/

On this episode of the Cybersecurity Defenders Podcast we speak with Filip Stojkovski, Staff Security Engineer at Snyk.Filip is a cybersecurity professional with over 15 years of experience. He began his career as a SOC analyst and now leads SecOps engineering at Snyk. Filip also advises organizations on SOAR, AI for SOC, and threat intelligence strategies. He holds multiple SANS certifications, including GSTRT, GCTI, and GCFA, and was recognized as “Threat Seeker of the Year.” He is the creator of the LEAD Threat Intelligence Framework and the Security Automation Development Life Cycle. Filip regularly shares his expertise through industry talks and on his blog: Cyber Security Automation and Orchestration

What does it mean to be a “day one partner” for founders—and how does that change in an era of AI-driven acceleration?On this episode of The Data Minute, Peter sits down with Ed Sim, founding partner of Boldstart Ventures and the voice behind “What's Hot

Large language models are helping developers move faster than ever. But behind the convenience of AI-generated code lies a security vulnerability: package hallucinations. In this episode, Ashok sits down with U.S. Army cybersecurity officer and PhD researcher Joe Spracklen to unpack new research on how hallucinated package names—fake libraries that don't yet exist—can be weaponized by attackers and quietly introduced into your software supply chain. Joe's recent academic study reveals how large language models like ChatGPT and Code Llama are frequently recommending software packages that don't actually exist—yet. These fake suggestions create the perfect opportunity for attackers to register malicious packages with those names, compromising developer machines and potentially entire corporate networks. Whether your team is deep into AI pair programming or just starting to experiment, this conversation surfaces key questions every tech leader should be asking before pushing AI-generated code to production. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Inside the episode... What "package hallucinations" are and why they matter How AI code assistants can introduce real vulnerabilities into your network Which models were most likely to hallucinate packages Why hallucinated package names are often persistent—not random How attackers could weaponize hallucinated names to spread malware What mitigation strategies were tested—and which ones failed Why simple retrieval-based techniques (like RAG) don't solve the problem Steps security-conscious teams can take today to protect their environments The importance of developer awareness as more non-traditional engineers enter the field Mentioned in this episode Python Package Index (PyPI) npm JavaScript package registry Snyk, Socket.dev, Phylum (dependency monitoring tools) Artifactory, Nexus, Verdaccio (private package registries) ChatGPT, Code Llama, DeepSeek (AI models tested) Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Subscribe to the Convergence podcast wherever you get podcasts including video episodes to get updated on the other crucial conversations that we'll post on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow.   Follow the Pod Linkedin: https://www.linkedin.com/company/convergence-podcast/ X: https://twitter.com/podconvergence Instagram: @podconvergence

Gambian Government; Isle of Man Government; Passkeys for Normal People; The Have I Been Pwned Alpine Grand Tour ; Sponsored by Snyk https://www.troyhunt.com/weekly-update-451/See omnystudio.com/listener for privacy information.

With the AI hype cycle spiraling forward, and speed often being prioritized over security, many industry leaders, analysts, and data center operators are warning about the dangers lurking in the code many of us use every day. On this episode of The Reboot Chronicles Show, we went to the source, to figure out how that gap is being closed with Serial CEO and top Rebooter, Peter McKay - CEO of Snyk. Snyk is a developer security platform that's reshaping how vulnerabilities are caught, fixed, and prevented—at the source—before the code goes live.Watch or listen in on this episode as Peter shares how he rebooted Snyk, got them to move faster than the hackers, how AI has changed the coding game, why you should “give a shit” and not just “throw crap over the fence”—and how they are on their way toward being a billion-dollar market leader.

Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy! ‍ On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-mandated systems. Meanwhile, the CVE ecosystem's chronic delays and the NVD's new “Deferred” status for tens of thousands of older vulnerabilities are pushing teams to look elsewhere for timely, enriched vulnerability data. Open-source projects like OSV.dev and commercial players such as VulnCheck and Snyk are stepping up, offering real-time enrichment, exploit intelligence, and predictive scoring to help organizations prioritize what matters most. The result is a fragmented but innovative patchwork of regional, decentralized, open-source, and commercial solutions, with hybrid approaches quickly becoming the norm for defenders worldwide. We're also diving into Imperva's 2024 Bad Bot Report, which reveals that nearly a third of all internet traffic last year came from malicious bots. These bots are getting more sophisticated—using residential proxies, mimicking human behavior, and bypassing traditional defenses. The report highlights a surge in account takeover attacks and shows that industries like entertainment and retail are especially hard hit, with bot traffic now outpacing human visitors in some sectors. The rise of simple bots, fueled by easy-to-use AI tools, is reshaping the threat landscape, while advanced and evasive bots continue to challenge even the best detection systems. On the threat intelligence front, GreyNoise has just launched its Global Observation Grid—now the largest deception sensor network in the world, with thousands of sensors in over 80 countries. This expansion enables real-time, verifiable intelligence on internet scanning and exploitation, helping defenders cut through the noise and focus on the threats that matter. GreyNoise's latest research shows attackers are exploiting vulnerabilities within hours of disclosure, with a significant portion of attacks targeting legacy flaws from years past. Their data-driven insights are empowering security teams to prioritize patching and response based on what's actually being exploited in the wild, not just theoretical risk. We're also spotlighting Censys and its tools for tracking botnets and advanced threats, including collaborative projects with GreyNoise and CursorAI. Their automated infrastructure mapping and pivoting capabilities are helping researchers quickly identify related malicious hosts and uncover the infrastructure behind large-scale attacks. Finally, VulnCheck continues to bridge the gap during the CVE program's uncertainty, offering autonomous enrichment, real-time exploit tracking, and comprehensive coverage—including for CVEs that NVD has deprioritized. Their Known Exploited Vulnerabilities catalog and enhanced NVD++ service are giving defenders a broader, faster view of the threat landscape, often surfacing critical exploitation activity weeks before it's reflected in official government feeds. As the vulnerability management ecosystem splinters and evolves, organizations are being forced to rethink their strategies—embracing a mix of regional, open-source, and commercial intelligence to maintain visibility and stay ahead of attackers. The days of relying on a single source of truth for vulnerability data are over, and the future is all about agility, automation, and real-time insight. Storm Watch Homepage >> Learn more about GreyNoise >>  

Tom Hulme is a General Partner @ GV and leads GV's European investing. He has led rounds in Monzo, Nothing, GoCardless, Lemonade, Snyk and is widely considered one of the best investors in Europe.  Stan Boland is one of the most successful and respected entrepreneurs in the UK.  In 1999, he co-founded Element 14 which was acquired by Broadcom in 2000 for $640 million. Following this, Boland co-founded Icera Inc. in 2002, a fabless semiconductor company which he sold to Nvidia for $367 million.  In Today's Discussion We Cover: 04:26 Is The UK's Biggest Problem a Talent Problem 09:50 Why We Need to Flood the UK With Venture Capital 10:38 What Europe Can Learn from Stripe and the Collisons 15:21 How the UK Can Use Visas to Retain the Best Talent 16:46 Why the Government Needs to Put 10x More Cash Into Fund of Funds 24:32 Is the London Stock Exchange F****** and Does it Matter? 34:38 What The UK Can Learn From Sequoia and the Norwegian Sovereign Wealth Fund 40:42 What is a “National Goal for Wealth Creation” & How Do We Implement It? 48:10 What are the Most Broken Elements of the UK Tax Regime 52:11 Is It Stupid to Remove the Non-Dom Tax Status 53:15 Why is Now the Time to Be Bullish on China 01:00:19 Biggest Lessons from Working with Jensen Huang 01:08:04 Quick Fire Round: Insights and Predictions    

Welcome to Episode 373 of the State of the New York Knicks podcast! The Knicks just handed the Wizards a beatdown, and We (as in me and Knick fans on twitter space) diving into it all. Tyler Kolek introduces himself to the Knicks rotation—big news there. But before we get into that, I gotta get something off my chest... why are guys like Landry Shamet and Cam Payne getting minutes over guys like Kolek and Pacome Dadiet? We'll break that down. Also, the Knicks are playing without Jalen Brunson, so what's the team's identity looking like without him on the floor? And, Knicks fans, before we dive in, make sure you click the links below for all the latest merch, articles, and more from SNYK. Now, let's get to it!https://snyk-pod.printify.me/https://snykpodcast.substack.com/https://www.youtube.com/@SNYKPodcasthttps://www.twitch.tv/statesnykgaming

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we sit down with Karthik Natarajan, Solutions Engineering Manager, U.S. Public Sector, for SNYK. SNYK has garnered a formidable reputation in the commercial sector by helping to identify and fix vulnerabilities in code, open-source dependencies, and container images. Karthik Natarajan acknowledges that no code can be 100% secure; however, one way to improve by a magnitude is to incorporate the “Shift Left” approach. This phrase has been around for twenty years but has recently gained momentum. The concept of shift left moves testing and performance evaluation to an earlier part of the software development lifecycle. But SNYK goes further by applying AI to look at open-source dependencies. When infrastructure transitions to “infrastructure as code,” vulnerabilities may be included. SNYK also looks for vulnerabilities in infrastructure code. The interview ends with Karthik explaining that SNYK's success is due to it being written for cloud applications- it is cloud native.  Also, they judiciously use AI and rigorously check corrections to code that may introduce trouble.    

Episode SummaryIn this episode of The Secure Developer, Danny Allan, CTO of Snyk, sits down with Wayne Chang, Founder and CEO of SpruceID, to explore the evolving landscape of digital identity and security. From self-sovereign identity to the role of AI in authentication, they discuss the future of identity management, the risks of centralized systems, and the benefits of decentralized approaches. They also dive into how policy, compliance, and emerging technologies like passkeys and zero-knowledge proofs are shaping the security ecosystem.Show NotesThe world of digital identity is changing fast, and in this episode of The Secure Developer, we explore how security professionals and developers can navigate this evolving space. Host Danny Allan is joined by Wayne Chang, Founder and CEO of SpruceID, to discuss key trends and challenges in identity management.Topics Discussed:Wayne's Background: From health tech to digital identity, how Wayne's early struggles with integrating health records led to his passion for self-sovereign identity.The Evolution of Digital Identity: Why usernames and passwords are no longer the gold standard, and how newer methods like passkeys and cryptographic credentials improve security.Decentralization vs. Centralization: The trade-offs between federated identity systems (like OAuth and SSO) and self-hosted identity wallets.The Role of AI in Identity Security: How AI is both a tool for improving security and a threat vector for identity fraud.Privacy and Compliance: How regulations like GDPR, CCPA, and emerging state-level laws influence digital identity strategies.The Future of Authentication: The move from multi-factor authentication to "myriad factor authentication," leveraging multiple signals for seamless and secure access.Wayne and Danny also discuss real-world use cases, including the development of mobile driver's licenses, emerging digital identity wallets, and the challenges of ensuring privacy and security while maintaining usability. The conversation highlights how organizations can stay ahead with better authentication practices and privacy-preserving architectures as fraud becomes more sophisticated.LinksSpruceID - Identity infrastructure for the digital worldNIST - The National Institute of Standards and TechnologyNIST SP 800-63 - Digital Identity GuidelinesACLU Digital ID State Legislative RecommendationsSnyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn

Future of Software, Agents in the Enterprise, and Inception Stage Company Building // MLOps Podcast 293 with Eliot Durbin, General Partner at Boldstart Ventures.Join the Community: https://go.mlops.community/YTJoinIn Get the newsletter: https://go.mlops.community/YTNewsletter // AbstractKey lessons for founders that are thinking about or starting their companies. 15 years of inception stage investing from how data science companies like Yhat went to market in 2013-14 and how that's evolved, to building companies around OSS frameworks like CrewAI; Eliot share's key learnings and questions for founders starting out.// BioEliot is a General Partner @ boldstart ventures since it's founding in 2010. boldstart an inception stage lead investor for technical founders building the next generation of enterprise companies such as Clay, Snyk, BigID, Kustomer, Superhuman, and CrewAI. // Related LinksWebsite: boldstart.vchttps://medium.com/@etdurbin~~~~~~~~ ✌️Connect With Us ✌️ ~~~~~~~Catch all episodes, blogs, newsletters, and more: https://go.mlops.community/TYExploreJoin our slack community [https://go.mlops.community/slack]Follow us on X/Twitter [@mlopscommunity](https://x.com/mlopscommunity) or LinkedIn (https://go.mlops.community/linkedin) Sign up for the next meetup: [https://go.mlops.community/register]MLOps Swag/Merch: [https://shop.mlops.community/]Connect with Demetrios on LinkedIn: /dpbrinkmConnect with Eliot on LinkedIn: /eliotdurbin

What's up, Knicks Nation! Welcome back to episode 366 of the State of the New York Knicks podcast. I'm your host Uncle State, bringing you all the latest and greatest on our beloved Knicks, and yes, I run this podcast solo, so it's just me and you today and knick fans. In tonight's game, the Knicks took down the Philadelphia 76ers in dramatic fashion! Jalen Brunson hit a clutch three-pointer to break the 102-102 tie and seal the win. Absolutely incredible! Meanwhile, Mikal Bridges was on fire with 28 points, really showing out in this game. And don't forget about Josh Hart, who chipped in with a monster 17 rebounds — absolutely key to this victory.As always, if you're a true Knicks fan, make sure you check out the links in the description below. We've got everything from exclusive merch, articles from SNYK, to our Reddit posts, and don't forget our Twitch and YouTube channels where we keep the conversation going.Alright, let's dive into the breakdown of this exciting game — stay tuned, we've got a lot to talk about. Let's go, Knicks!https://www.twitch.tv/statesnykgaminghttps://snyk-pod.printify.me/https://snykpodcast.substack.com/https://www.reddit.com/user/stateofthenykhttps://www.youtube.com/@SNYKPodcast

What's up, Knicks fans! Welcome to episode 367 of the State of the New York Knicks podcast. I'm your host State, running the show twitter space hosting as always, and today we've got an exciting one to break down and the return of our guy Mitchell Robinson The Knicks pulled off a big win against the Memphis Grizzlies, and it was none other than OG who made the biggest shot of his Knicks career — a go-ahead 3-pointer that sealed the deal! Huge moment for him, and that clutch shot wouldn't have been possible without Jalen Brunson, who made a perfect pass to set it up. McBride also played a key role in this one, contributing when it mattered most, and don't forget about Shamet, who hit a timely 3-pointer to give the Knicks the momentum they needed.As always, if you're a Knicks fan, make sure to check out the links in the description — we've got exclusive merch, SNYK articles, Reddit posts, and our Twitch and YouTube channels, where we keep the Knicks talk rolling.Alright, let's dive into all the details of this thrilling victory. Let's go, Knicks!"reddit.com/user/stateofthenyk/https://snykpodcast.substack.com/https://www.youtube.com/@SNYKPodcasthttps://snyk-pod.printify.me/https://www.reddit.com/user/stateofthenyk/

00:00 - PreShow Banter™ — Highest Rated Chalk04:14 - BHIS - Talkin' Bout [infosec] News 2025-01-2008:53 - Story # 1: Data From 15,000 Fortinet Firewalls Leaked by Hackers14:25 - Story # 2: China's Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says16:29 - Story # 3: TikTok reportedly plans ‘immediate' Sunday shutdown in the US if it's banned25:47 - Story # 4: FBI forces Chinese malware to delete itself from thousands of US computers35:06 - WWHF Denver36:03 - BSides San Diego37:23 - Security Stadium38:22 - Story # 5: Exchange 2016 and 2019 reach end-of-life status later this year42:45 - Story # 6: Snyk security researcher deploys malicious NPM packages targeting Cursor.com46:17 - Story # 7: New UEFI Secure Boot flaw exposes systems to bootkits, patch now57:34 - Story # 8: Lawsuit: Allstate used GasBuddy and other apps to quietly track driving

Seth and Ken return once again to talk through the overall effectiveness and purpose of Portswigger's Top 10 Web Hacking Techniques and how it benefits the community. A short discussion on some of the current crop of techniques up for polling. Spurred by recent revelations around Snyk's approach to identifying security issues in npm packages, the duo discusses research techniques and identifying security issues without exploitation or harm. To close out, a discussion on progressing from junior to senior within the security space and challenges in the current market.

Snyk mysteriously deploys apparently malicious packages Baltic sea cable cuts can't be accident, says EU tech chief CISA warns of second BeyondTrust vulnerability Huge thanks to our sponsor, Dropzone AI Does your SOC feel like it's drowning in alerts? Dropzone AI cuts through the noise, triaging 100% of alerts and giving you clear, actionable insights. Ready to break free? Check out the demo at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com

The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000. A cyberattack disrupts the city of Winston-Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. The worst of the worst from CES.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. Learn more in Snyk's AI Readiness Report about how some companies are still hesitant to adopt AI, despite its clear benefits in addressing human error and keeping up with fast-evolving technology. Selected Reading White House Rushes to Finish Cyber Order After China Hacks (Bloomberg) Zero-Day Patch Alert: Ivanti Connect Secure Under Attack (GovInfo Security) GFI KerioControl Firewall Vulnerability Exploited in the Wild (SecurityWeek)  Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool (SecurityWeek)  Security pros baited by fake Windows LDAP exploits (The Register) Major US medical billing firm breached, 360K+ customers' healthcare data leaked (Cybernews) Recruitment Phishing Scam Imitates CrowdStrike Hiring Process (CrowdStrike) Some Winston-Salem city services knocked offline by cyberattack (The Record) Excelsior Orthopaedics Data Breach Impacts 357,000 People (SecurityWeek)  The 'Worst in Show' CES Products Put Your Data at Risk and Cause Waste, Privacy Advocates Say (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode SummaryImagine if AI could detect and fix vulnerabilities in your code faster and with greater precision than ever before. That future is already here! In today's episode, we're joined by Berkay Berabi, an AI researcher and Senior Software Engineer at Snyk, to dive into the cutting-edge world of AI-powered vulnerability detection. Berkay offers insight into how Snyk is leveraging a hybrid AI approach to detect and fix vulnerabilities in code, combining human-driven expertise with machine learning for greater accuracy and scalability. He also introduces CodeReduce, a game-changing tool by Snyk that strips away irrelevant code, streamlining the detection process and addressing the challenges posed by complex, multi-step data flows. Through rigorous model testing, Snyk ensures that AI-generated fixes are validated to prevent errors, making the process faster and more reliable.Show NotesIn this fascinating episode of The Secure Developer, host Danny Allan sits down with Berkay Berabi, an AI researcher at Snyk, to explore the groundbreaking CodeReduce technology and its implications for software security. Berabi, who transitioned from electrical engineering to AI research, shares insights into how Snyk is revolutionizing vulnerability detection and remediation using artificial intelligence.The conversation delves deep into the technical aspects of CodeReduce, explaining how this innovative approach reduces complex code structures by up to 50 times their original size while maintaining vulnerability detection capabilities. Berabi explains the sophisticated process of code reduction, analysis, and fix generation, highlighting how AI models can better understand and address security vulnerabilities when working with simplified code. The discussion also covers the challenges of different AI models, from T5 to StarCoder and Mixtral, exploring their varying capabilities, accuracies, and performance trade-offs.The episode critically examines the future of AI in software development, addressing both opportunities and concerns. Berabi and Allan discuss recent findings about AI-generated code potentially introducing new vulnerabilities, referencing Gartner's prediction that by 2027, 25% of software vulnerabilities could be created by AI-generated code. They explore how tools like CodeReduce and other AI-powered security measures might help mitigate these risks while examining the broader implications of AI assistance in software development. This episode offers valuable insights for developers, security professionals, and anyone interested in the intersection of AI and software security.LinksDeepCode AI Fix Research PaperDeepCode AI Fix Blog Post Follow UsOur WebsiteOur LinkedIn

Send us a text00:00 - Intro00:08 - ServiceTitan Surges to $8.9B After Strong Nasdaq IPO01:12 - Snyk Hits $9.4B Valuation with $300M ARR02:10 - OpenAI Rolls Out Real-Time Video Analysis for ChatGPT02:56 - Fleet Space Doubles Valuation to $525M03:37 - Runway Projects $265M Revenue in 202404:12 - Crusoe Raises $600M, Valued at $2.8B04:55 - Google and Samsung Enter XR Market with Mixed-Reality Headset06:31 - Pre-IPO Stock Market Weekly Performance07:16 - Pre-IPO Stock Vintage Index Weekly PerformanceNEW FUND ANNOUNCEMENT*: The AG Dillon Anduril Pre-IPO Stock Fund is now accepting investors. Anduril Industries is a defense technology company that specializes in building advanced artificial intelligence (AI) and autonomous systems for military and national security purposes. Financial advisors only. Email aaron.dillon@agdillon.com to invest or request fund materials. Note important disclosures at the end of this post.Subscribe to AG Dillon Pre-IPO Stock Research at agdillon.com/subscribe;- Wednesday = secondary market valuations, revenue multiples, performance, index fact sheets- Saturdays = pre-IPO news and insights, webinar replays* NOTE: AG Dillon ("AGD") is not affiliated with Anduril. Anduril may require company approval for purchases (aka transfers). AGD has not been pre-approved by Anduril to purchase their stock. AGD purchases pre-IPO stocks in the secondary market and may gain exposure by directly purchasing the stock (on the company's capitalization table) and/or through a third-party fund (aka special purpose vehicle, or SPV).

Guy Podjarny founded Tessl, Snyk and Blaze. Tessl is reimagining software development for the AI era and shaping AI Native Development. Snyk created and leads the Developer Security category, and is now a multi-billion dollar company with over 1,000 employees. Guy was previously CTO at Akamai (following its acquisition of Blaze), is an active angel investor, and co-hosts of the AI Native Dev podcast. In Today's Episode with Guy Podjarny We Discuss:  03:02 Discussion on NVIDIA's Market Position 04:14 Will We See a Trough of Disillusionment in AI 07:36 The Future of AI Development and Specialized Models 10:17 Challenges and Opportunities in AI Dev Tools 17:41 Concerns About Closed vs. Open Development Platforms 21:27 Speculations on AI's Role in Application Layers 24:40 Google's Competitive Edge 25:28 IPO and M&A in the Trump Era 26:45 The Future Role of Software Developers 32:20 Security Challenges in AI Development 33:41 Spicy Questions and Charity Donations 36:05 Quickfire Round: Insights and Advice      

In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-385

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA's leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385

This week, Danny Allen, Snyk's CTO, discusses how AI regulations are influencing both the security of AI tools and the broader software ecosystem and the emphasis on compliance with security standards. This comes on the heels of a recent report which found that the majority of security leaders have begun contemplating banning the use of AI in coding due its security risks. Ben dives into policy changes we might expect from the next FCC chairman. Dave's got the story of a school shut down over deepfake nudes. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Trump Picks Brendan Carr to Lead F.C.C. Explicit deepfake scandal shuts down Pennsylvania school Get the weekly Caveat Briefing delivered to your inbox. Like what you heard? Be sure to check out and subscribe to our Caveat Briefing, a weekly newsletter available exclusively to N2K Pro members on N2K CyberWire's website. N2K Pro members receive our Thursday wrap-up covering the latest in privacy, policy, and research news, including incidents, techniques, compliance, trends, and more. This week's Caveat Briefing covers the story of Chinese President Xi Jinping meeting with outgoing U.S. President Joe Biden at the APEC summit in Peru, discussing key issues like Taiwan, cybercrime, and trade while emphasizing China's desire for stable U.S.-China relations as Donald Trump prepares to assume office. Both leaders highlighted the importance of managing differences, though tensions remain over Taiwan, military provocations, and U.S. trade restrictions on Chinese technology. Curious about the details? Head over to the Caveat Briefing for the full scoop and additional compelling stories. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

“It's a bit too early to say that the race is over,” said Philippe Botteri when asked about European startups' AI progress. “I think we're just at the very early innings of this race.” Botteri is a partner at early-stage investment firm Accel with over 13 years under his belt at the firm, leading investments in DocuSign, UiPath and more recently Snyk and Chainalysis. Today on TechCrunch's Equity podcast, host Rebecca Bellan caught up Botteri to dive deep into Accel's Euroscape 2024 Report. Tapping into Botteri's experience in Cloud, SaaS security, and enterprise sectors, the pair discuss AI's rising influence, its impact on software and cloud investments, and how European startups can compete with the US. Listen to the full episode for more about:How AI is eating the software market, with AI and cloud funding predicted to hit $79.2 billion by the end of 2024.The challenges faced by traditional software companies as funding growth slows outside of AI.Why Europe's strong talent pool gives it an edge in the AI race, even as startups on the continent struggle to compete with the ungodly amounts of money U.S. tech giants have.Increased M&A activity globally amid a slow IPO market.Why 2025 will be the year of the “agentic revolution” with AI significantly impacting software development and productivity.Equity is TechCrunch's flagship podcast, produced by Theresa Loconsolo, and posts every Wednesday and Friday. Subscribe to us on Apple Podcasts, Overcast, Spotify and all the casts. You also can follow Equity on X and Threads, at @EquityPod. For the full episode transcript, for those who prefer reading over listening, check out our full archive of episodes over at Simplecast. Credits: Equity is produced by Theresa Loconsolo with editing by Kell. Bryce Durbin is our Illustrator. We'd also like to thank the audience development team and Henry Pickavet, who manages TechCrunch audio products.

In this insightful episode of “World Class with Chris Vasquez,” Chris is joined by Ed Sim, the #1 seed investor in the world, to share his invaluable lessons from 28+ years of venture capital investing. We cover the best startup funding lessons from 28+ years of investing and the exciting world of AI & VC trends in the next 12 months. Ed breaks down his approach to “inception investing,” diving into his unique 5 Ps model for evaluating startups and why starting small with your investments can lead to big payoffs. He shares his philosophy on the importance of having three founders, a concept honed over decades of successful investments. You'll also hear about “The Weekend Test,” Ed's method for evaluating founders' true dedication. As the venture space continues to evolve, Ed discusses the biggest shifts in the industry and how they're shaping the future of startups. He takes a deep dive into the current AI investment landscape and shares stories of successful startups, including Parker Conrad and the rise of Snyk. For founders, this episode is packed with advice on how to market the vision of your startup, when to deploy more capital, and why the first round of funding is so critical. Ed also talks about the ins and outs of launching a VC fund, and the importance of having “skin in the game,” especially as an underdog in the world of venture capital. Ed's journey is one of resilience and determination, and he shares his mantra of staying “poor, hungry, and determined,” a mindset that has guided him through decades of success in investing. If you're interested in venture capital, the future of AI, or want to know how to navigate the startup world from a master investor's perspective, this episode is for you. Tune in for a wealth of knowledge from one of the most successful seed investors in the world.

Timestamps: (0:00) Alex and Jason kick off the news show! (3:26) Overview of Harvard's AR glasses tech demo and club projects (10:09) Squarespace - Use offer code TWIST to save 10% off your first purchase of a website or domain at https://www.Squarespace.com/TWIST (11:35) Discussing responsible tech use, privacy, and entrepreneurial aspirations (18:30) Guests' academic focus and future in technology (19:41) LinkedIn Ads - Get a $100 LinkedIn ad credit at http://www.linkedin.com/thisweekinstartups (21:27) AR technology trends, practicality, and ethical considerations (26:10) AI advancements, deepfakes, and AR in healthcare (29:37) Washington Post - TWiST listeners can subscribe for just 50 cents per week for your first year at https://www.washingtonpost.com/twist (31:06) Insights on young founders and the podcast's live format evolution (31:58) Venture capital trends and Initialize Capital's restructuring (39:28) Founders Fund and CRV developments, returning capital to LPs (42:02) Analysis of scale insurgents and successful startup unicorns (46:39) Secondary market opportunities and fund exit strategies (53:00) New Twist 500 members: Snyk and Nym (59:56) TikTok's impact on the music industry and content creators (1:03:48) Investment discussions with Chef Reactions and TikTok creators * Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.com Check out the TWIST500: twist500.com Subscribe to This Week in Startups on Apple: https://rb.gy/v19fcp * Follow AnhPhu: X: https://x.com/AnhPhuNguyen1 LinkedIn: https://www.linkedin.com/in/anhphu5/ * Follow Caine: X: https://x.com/CaineArdayfio LinkedIn: https://www.linkedin.com/in/caine-ardayfio/ * Follow Alex: X: https://x.com/alex LinkedIn: ⁠https://www.linkedin.com/in/alexwilhelm * Follow Jason: X: https://twitter.com/Jason LinkedIn: https://www.linkedin.com/in/jasoncalacanis * Thank you to our partners: (10:09) Squarespace - Use offer code TWIST to save 10% off your first purchase of a website or domain at https://www.Squarespace.com/TWIST (19:41) LinkedIn Ads - Get a $100 LinkedIn ad credit at http://www.linkedin.com/thisweekinstartups (29:37) Washington Post - TWiST listeners can subscribe for just 50 cents per week for your first year at https://www.washingtonpost.com/twist * Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland * Check out Jason's suite of newsletters: https://substack.com/@calacanis * Follow TWiST: Twitter: https://twitter.com/TWiStartups YouTube: https://www.youtube.com/thisweekin Instagram: https://www.instagram.com/thisweekinstartups TikTok: https://www.tiktok.com/@thisweekinstartups Substack: https://twistartups.substack.com * Subscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916

Tamar Yehoshua is the president of product and technology at Glean. Prior to joining Glean, Tamar was chief product officer at Slack, where she led product, design, and research as the company scaled, including a 10x increase in revenue, its public listing, and an acquisition by Salesforce. She also led product and engineering teams at Google, working on search, identity, and privacy, and at A9.com, an Amazon company. Tamar has served on the board of directors for RetailMeNot, ServiceNow, Snyk, and Yext. In our conversation, we discuss:• Why you don't need to be a well-run company to win• The impact of AI on product management and the future of work• How to build strong cross-functional relationships, especially with engineers• Lessons learned from working with leaders like Jeff Bezos and Stewart Butterfield• Strategies for staying ahead in a rapidly evolving tech landscape• Much more—Brought to you by:• Explo—Embed customer-facing analytics in your product• Sprig⁠⁠—Build products for people, not data points• Sidebar—Accelerate your career by surrounding yourself with extraordinary peers—Find the transcript and show notes at: https://www.lennysnewsletter.com/p/you-dont-need-to-be-a-well-run-company-to-win-tamar-yehoshua—Where to find Tamar Yehoshua:• X: https://x.com/TYehoshua• LinkedIn: https://www.linkedin.com/in/tamar-yehoshua-886217/• Newsletter: https://tamaryehoshua.substack.com/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Tamar's background(02:09) Key advice for career success(06:54) Understanding people and motivations(09:33) The importance of impact(11:20) Navigating company chaos(18:40) Career planning: a different perspective(26:22) Lessons from industry leaders(37:59) Building stronger cross-functional relationships(42:00) Streamlining OKR reviews with async methods(45:26) Why you shouldn't worry so much about making users unhappy(47:50) The power of listening in leadership(52:34) How to leverage AI so you don't fall behind(01:06:39) Closing thoughts and lightning round—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe

The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple's Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach.  SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work "Agent Hijacking: the true impact of prompt injection attacks."  Selected Reading FBI tells public to ignore false claims of hacked voter data (Bleeping Computer) Russia's RT news agency has ‘cyber operational capabilities,' assists in military procurement, State Dept says (The Record) The Dark Nexus Between Harm Groups and ‘The Com' (Krebs on Security) China suspected of hacking diplomatic body for Pacific islands region (The Record) Apple Intelligence Promises Better AI Privacy. Here's How It Actually Works (WIRED) Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post) 23andMe settles data breach lawsuit for $30 million (Reuters) SolarWinds Patches Critical Vulnerability in Access Rights Manager (SecurityWeek) Malware locks browser in kiosk mode to steal Google credentials (Bleeping Computer) Is anyone out there? (Prospect Magazine)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CSAC recommends key changes to the  Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allen, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Danny Allen, Snyk's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report.  Selected Reading CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record) CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register) Snowflake says users with single-factor authentication targeted in attack (SC Media) Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer) Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives) FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic)  Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit (GB Hackers) Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (Trend Micro) Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices