Ep 36: Discussing AI's Current State of Affairs

Mar 2, 2026

They explore how AI is reshaping AppSec workflows, from agent orchestration to new UI paradigms. They debate risks like prompt injection, secret handling, and rapid OpenClaw adoption. They discuss threat modeling as living context graphs, building accurate software inventories, and whether AppSec will merge into engineering. They close on verification, open source churn, and the gap between AI lab claims and shipped products.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Running OpenClaw As A Personal Assistant

Anshuman uses OpenClaw as a personal AI co-author and assistant to research and manage tasks.
He runs OpenClaw on his own infra, warns it's insecure, and invites others to hack it to help harden it.

ADVICE

Wait Four Weeks Before Betting On New AI Hype

Wait at least three to four weeks before adopting every new AI hype tool to see if the community sustains it.
Sandesh uses this cooling-off rule to avoid chasing short-lived model or tool hype.

INSIGHT

AI Interfaces Are Moving Into Messaging

The AI UI is migrating from chat windows to terminals to messaging platforms, reshaping how people trigger automation.
OpenClaw stitches CLIs into Slack/Discord experiences so you can orchestrate infra from your phone.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode, we examine what is shifting in AI, AppSec, and product security and what remains fundamentally the same.

For years, application security has operated on a familiar model: siloed reviews, tool-driven findings, and periodic assessments that struggle to keep pace with modern development. AI doesn’t eliminate those pressures, it amplifies them. Code is generated faster, systems are more interconnected, and the surface area of change expands weekly.

The conversation explores agent-based workflows through tools like OpenClaw, not as novelty, but as a signal of a broader shift: from manually operating tools to orchestrating fleets of agents. As AI interfaces move from chat windows to terminals to messaging environments, security teams must reconsider where workflows live and how context is preserved across them.

For decades, AppSec has struggled to build a reliable understanding of what systems exist and how they connect. Large language models may finally make it possible to construct living maps of components, data flows, and trust boundaries enabling assessments that talk to each other instead of existing in isolation.

The discussion also revisits threat modeling, not as a compliance artifact, but as a foundation for system-wide reasoning. If AI can automate baseline coverage and reduce repetitive toil, security teams may return to their original purpose: high-leverage risk judgment on critical systems. This leads to a broader debate whether AppSec as a distinct function evolves, shrinks, or dissolves into engineering itself and what the enduring “maker–checker” model of risk management demands in an AI-native world.

Finally, the episode reflects on the role of large AI labs in security: the gap between ambitious claims and shipped products, and what that means for founders and security leaders navigating change.

00:00–02:15 — Why this is a no-guest episode & what’s changed since last year

02:15–06:30 — AI co-authoring, productivity gains, and writing workflows

06:30–10:20 — OpenClaw architecture, agent risks, and prompt injection realities

10:20–14:00 — The shifting UI of AI: chat → terminal → messaging agents

14:00–18:30 — Agent orchestration vs siloed security tooling

18:30–23:00 — Context graphs and assessments that “talk” to each other

23:00–27:30 — Threat modeling’s evolution and system-wide visibility

27:30–31:00 — Why inventory is still AppSec’s hardest problem

31:00–34:30 — Personal AI stacks: Obsidian, memory layers, and query tools

34:30–37:30 — Open source in the age of AI-generated PR spam

37:30–40:00 — AI labs: what they ship vs what they say

40:00–44:00 — Will AppSec disappear? A serious debate

44:00–48:00 — Maker–checker risk models in an AI-driven org

48:00–51:00 — Where AI replaces toil — and where humans stay critical

51:00–End — 2026 predictions for AI security and product security