The AI Security Edge

Caroline Wong welcomes Dennis Hurst, Founder and President of Saltworks Security, for an insightful conversation on how AI is transforming application security. With more than 30 years of experience, Dennis explains how AI acts as a force multiplier—amplifying both attacker capabilities and defender effectiveness. They explore the challenges of securing modern software development, the importance of automation in DevSecOps (especially with regards to data collection and reporting), and the risks of relying too heavily on AI without human oversight. Vibe coding = terrifying. Key takeaways highlight balancing speed, security, and trust in today’s evolving threat landscape.

 It seems like each and every board on the planet is demanding that their executive teams "AI all the things," at least when it comes to high tech.  In episode 6 of The AI Security Edge, Caroline Wong and Rock Lambros discuss the governance frameworks that Rock developed to combat the chaos of an approach with no real strategy. RISE: Research, Implement, Sustain, and Evaluate. CARE: Create, Adapt, Run, and Evolve. Join Caroline and Rock for this pragmatic and insightful discussion. 

In this episode of The AI Security Edge, host Caroline Wong welcomes Laz for a lively conversation on the evolving role of AI in cybersecurity. From his early research to defending against AI-powered attacks, Laz shares insights, industry experiences, and even a charming tale about his fictitious Aunt Shirley. Together, they explore how AI is reshaping the cyber battlefield and what today’s defenders must do to stay resilient in an era of machine-speed threats.

Gilles Walbrou joins Caroline Wong for an insightful discussion on the game changing nature of AI enabled malicious bots and the end of rule-based detection as we know it. They discuss the clever use AI for coding in the experimentation phase, personal experiences getting frustrated trying to pass CAPTCHAs (as real humans!), and the complex multi-step workflow that effective detection systems must navigate - in milliseconds - in order to effectively identify and respond to potentially malicious traffic. 

Izar Tarandach joins Caroline Wong for an optimistic discussion about defense in depth and the role of secure design in business processes that leverage AI. They explore the impact of prompt injection, which is the first item on the OWASP Top 10 for LLMs. Izar promotes the use of AI by cybersecurity professionals in enhancing and improving communication effectiveness. Key takeaways from this discussion include: don't put unprotected sensitive information into your database or LLM dataset, and don't allow AI to have the last word when it comes to making critical business decisions. 

Vanessa Sauter and Brennan Lodge join Caroline Wong for an intense discussion of red (offensive) and blue (defensive) capabilities and how artificial intelligence is changing each. Vanessa ponders the ability for artificial intelligence to generate more secure code than a human can, and stresses the importance of red teaming and manual penetration testing when it comes to the use of LLMs. Brennan describes how artificial intelligence can be used to manage governance, risk and compliance requirements and frameworks.

Caroline Wong and Daniel Miessler discuss reconstruction of productivity stacks as an example of artificial intelligence in practice. They consider the role of attacker capabilities in today's cybersecurity landscape and how power dynamics are shifting due to AI enablement and augmentation. In a real-time race between attacker and defender to be the first to model the most accurate attack surface for an organization, who wins - and why?