Agent risks: prompt injection and secrets

In this episode, we examine what is shifting in AI, AppSec, and product security and what remains fundamentally the same.

For years, application security has operated on a familiar model: siloed reviews, tool-driven findings, and periodic assessments that struggle to keep pace with modern development. AI doesn’t eliminate those pressures, it amplifies them. Code is generated faster, systems are more interconnected, and the surface area of change expands weekly. 

The conversation explores agent-based workflows through tools like OpenClaw, not as novelty, but as a signal of a broader shift: from manually operating tools to orchestrating fleets of agents. As AI interfaces move from chat windows to terminals to messaging environments, security teams must reconsider where workflows live and how context is preserved across them.

For decades, AppSec has struggled to build a reliable understanding of what systems exist and how they connect. Large language models may finally make it possible to construct living maps of components, data flows, and trust boundaries  enabling assessments that talk to each other instead of existing in isolation.

The discussion also revisits threat modeling, not as a compliance artifact, but as a foundation for system-wide reasoning. If AI can automate baseline coverage and reduce repetitive toil, security teams may return to their original purpose: high-leverage risk judgment on critical systems. This leads to a broader debate whether AppSec as a distinct function evolves, shrinks, or dissolves into engineering itself and what the enduring “maker–checker” model of risk management demands in an AI-native world.

Finally, the episode reflects on the role of large AI labs in security: the gap between ambitious claims and shipped products, and what that means for founders and security leaders navigating change.

00:00–02:15 — Why this is a no-guest episode & what’s changed since last year

02:15–06:30 — AI co-authoring, productivity gains, and writing workflows

06:30–10:20 — OpenClaw architecture, agent risks, and prompt injection realities

10:20–14:00 — The shifting UI of AI: chat → terminal → messaging agents

14:00–18:30 — Agent orchestration vs siloed security tooling

18:30–23:00 — Context graphs and assessments that “talk” to each other

23:00–27:30 — Threat modeling’s evolution and system-wide visibility

27:30–31:00 — Why inventory is still AppSec’s hardest problem

31:00–34:30 — Personal AI stacks: Obsidian, memory layers, and query tools

34:30–37:30 — Open source in the age of AI-generated PR spam

37:30–40:00 — AI labs: what they ship vs what they say

40:00–44:00 — Will AppSec disappear? A serious debate

44:00–48:00 — Maker–checker risk models in an AI-driven org

48:00–51:00 — Where AI replaces toil — and where humans stay critical

51:00–End — 2026 predictions for AI security and product security

.