Enterprise Security Weekly (Audio)

The Weekly Enterprise News This week, in the enterprise security news, Copy Fail The hits keep coming for CVE, NIST and NVD Cyber attacks on breathalyzers insurance carriers pulling support for AI Florida Man pleads guilty ignore the humanities at your own peril offense and defense don't scale the same is it okay to be left behind? scientists gave cocaine to salmon Mind the Gap: Confidence, AI, and the Future of Exposure Management Former ethical hacker, now founder and CEO of Intruder, Chris Wallis explores whether AI can bridge the divide between finding vulnerabilities and understanding real-world attack context as exploit windows continue to shrink. This conversation dives into the structural "confidence gap" uncovered in Intruder's 2026 Security Middle Child Report, where executive risk appetite is increasingly decoupled from front-line operational reality. Check out Intruder's Security Middle Child Report at https://securityweekly.com/intruderrsac. Modern Phishing Attacks Are Under Multi-Channel Siege Recently, there has been a shift in cybercriminals' behavior, marked by a surge in total phishing attack volume. These attacks are fueled by high-scale automation and a coordinated multi-channel siege targeting corporate collaboration tools. Trusted platforms such as email, Teams, calendars and others are in the cross-hairs, bypassing traditional phishing methods that have worked in the past. This segment is sponsored by KnowBe4. Visit https://securityweekly.com/knowbe4rsac to learn more about them! AI is Now Default Enterprise Accelerator The Zscaler ThreatLabz 2026 AI Security Report reveals that enterprise AI adoption has surged by up to 93% year-over-year, yet 100% of tested AI environments remain vulnerable to breaches that can occur in as little as 16 minutes. It highlights a dangerous shift toward "machine-speed" threats, where attackers use generative AI to automate data exfiltration and create sophisticated deepfakes. To combat these risks, the report urges organizations to move beyond simple blocking and instead implement a Zero Trust architecture for safe, AI-native data protection. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-458

Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn't the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged assets like IoT and OT. The bottom line: PQC migration is unavoidable. Starting early—especially with crypto inventory and planning—will make the transition far less painful. RSAC Interview: Multi-Channel Impersonation: Why Legacy Controls Are Failing As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He'll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today. Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach. RSAC Interview: OT: Segmented Today, Breached Tomorrow As the worlds of IT and OT converge, traditional network segmentation falls short, exposing risks in the critical environments that keep energy flowing and shelves stocked. Conventional security tools fail to identify these gaps, with serious repercussions for operators. At runZero, we empower defenders to win by default through comprehensive discovery, rapid detection of critical exposures, and unique segmentation analysis that does not depend on span ports, credentials, or on-device agents. runZero provides real-time insights into even the most sensitive environments — quickly, safely, and securely. This segment is sponsored by runZero. Visit https://securityweekly.com/runzerorsac to learn more about them! RSAC Interview: Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents. Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac. RSAC Interview: The Threat Curve Has Reset: Why AI Made "Solved" Attacks Dangerous Again AI hasn't just evolved cyberattacks—it has reset the threat curve entirely. New research shows that even "solved" problems like phishing and business email compromise are immature and dangerous again, with attackers using AI and autonomous agents to launch hyper-personalized, multi-channel attacks at scale. This session explores what Phishing 3.0 really means for security leaders—and why defending trust now requires a fundamentally new approach. This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/IRONSCALESrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-457

Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks. Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries. Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078 ​The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81 Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction. This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them! Agentic AI and the Future of Threat Intelligence Operations Security teams collect large volumes of threat intelligence but often struggle to translate that information into coordinated operational response. This discussion explores how organizations are embedding intelligence directly into security workflows and introducing AI agents to support investigation, enrichment and response. Sachin will discuss Cyware's Agentic Fabric approach and the evolution toward an agent-centric model, where a portfolio of specialized agents assists analysts across threat intelligence, detection engineering and response workflows. The conversation will focus on how AI can support security teams while maintaining human oversight and operational control. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Beyond the Audit: Making Cyber Risk Continuous, Quantified, and Actionable Most companies assess cyber risk once a year and call it done — but for organizations managing dozens of subsidiaries or portfolio companies, that's a costly blind spot. In this RSA interview, Resilience's VP of Customer Engagement explores why measuring risk in dollars (not color-coded charts) changes the conversation at the board level, and why the organizations best positioned to prevent losses are the ones treating cyber risk as a continuous discipline rather than an annual exercise. See it in action. Request a demo at https://securityweekly.com/resiliencersac. Delinea: Redefining Identity Security for the Agentic AI Era As enterprises scale agentic AI and automation, privileged access is increasingly required by non-human identities (NHIs) that operate autonomously across hybrid and cloud-native environments, introducing risks that static, credential-based models were never designed to govern. Delinea's recent of acquisition of StrongDM. This segment is sponsored by Delinea. Visit https://securityweekly.com/delinearsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-456

Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn't a typical ESW guest. I think it's essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That's what we're doing today with Jim. He specializes in building custom AI architecture and workflows for his clients. We discuss the state of AI in the enterprise and why so many of these efforts fail. We'll discuss the elements of AI success and whether security plays a role in helping AI efforts succeed or contribute to failures. Segment Resources: https://www.proarch.com/ Cowork vs Cowork - Why Microsoft 365 Copilot Cowork Is the One Built for Enterprise RSAC Exec Interviews, Part 1 Trends Revealed in Fortinet's FortiGuard Labs 2026 Global Threat Landscape Report Fortinet's Global Director of Threat Intelligence and Adversarial AI Research explores the trends revealed in the latest Global Threat Landscape Report from FortiGuard Labs, including a surge in AI-enabled cybercrime. As AI optimizes and accelerates attack techniques, here's how cyber defenders should respond. This segment is sponsored by Fortinet . Visit https://securityweekly.com/fortinetrsac to learn more about them! X-PHY Delivers Hardware-Enforced Security for the Age of AI Agents Camellia Chan, CEO and Co-Founder of X-PHY, discusses how Model Context Protocol (MCP) is making it easier for AI agents to plug into enterprise apps and operate with elevated permissions—creating new opportunities for attacks and data exfiltration. She explains how X-PHY's hardware-enforced monitoring and detection sit beyond the OS trust boundary to enforce immutable limits on what agents can do and stop threats before data is lost, so organizations can adopt agentic AI with confidence. Security leaders looking to deploy AI agents safely can request a demo or briefing with X-PHY at https://securityweekly.com/xphyrsac. RSAC Exec Interviews, Part 2 Introducing Legion Investigator: Goal-Oriented AI Investigations Traditional security playbooks often fail because they cannot capture the fluid, context-dependent reasoning required when a routine investigation hits a non-scripted "judgment point." Legion Investigator addresses this gap by employing goal-oriented AI agents that move beyond rigid scripts to interpret findings and execute complex, multi-step investigations based on your team's unique environment and expertise. By bridging the divide between automated execution and human-level reasoning, the platform ensures that every alert (no matter how unpredictable) is handled with the depth and consistency of a senior analyst. This segment is sponsored by Legion Security. Visit https://securityweekly.com/legionrsac to learn more about them! The Missing Layer in Zero Trust: The Security Policy Control Plane Zero Trust has become the dominant security architecture for hybrid and cloud environments, but many organizations are discovering that deploying enforcement technologies alone does not deliver operational control. Firewalls, cloud security groups, and microsegmentation platforms enforce access decisions, yet the policies behind those controls are often fragmented, difficult to validate, and constantly changing. In this conversation, FireMon CEO Jody Brazil discusses why modern security architectures increasingly require a security policy control plane: a layer that continuously validates how policy is enforced across firewalls, cloud networks, and segmentation platforms. The discussion explores why policy drift occurs in real environments, how enforcement systems become difficult to coordinate at scale, and what organizations must do to ensure Zero Trust policies remain consistent as infrastructure evolves. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemonrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-455

Georges Bossert, Sekoia.io CTO/Product lead, on agentic AI in SOCs and the need for context and runbooks. John Wilson, Fortra threat researcher, on Scripted Sparrow BEC campaigns and active defense/scambaiting. Samuel Hassine, Filigran CEO, on threat intelligence and CTEM to operationalize defenses. Mark Lambert, ArmorCode CPO, on unified AI exposure management and agentic AI platforms.

Thyaga Vasudevan, EVP of Product at Skyhigh Security, on hybrid browser controls and DSPM. Jimmy White, VP of AI at F5, on securing AI agents and lifecycle risks. Ashish Jain, CTO at OneSpan, on passkeys and bank deployment tactics. Mickey Bresman, CEO of Semperis, on his cyberwar documentary and defender mental health. Brian Oh, Head of Product at FIS, on merchant tokenization, virtual cards, and behavioral biometrics.

Alexandre Sieira, serial entrepreneur and Tenchi Security CTO, on making inside-out third-party risk checks possible. Helen Patton, CISO advisor and author, on switching to cyber mid-career and leveraging diverse backgrounds. Lenny Zeltser, veteran security leader and former Axonius CISO, on CISO archetypes, leadership lessons, and securing fast-moving teams. Conversations cover TPCRM innovation, career pivots, and CISO reflections.

Kara Sprague, CEO of HackerOne, expert in vulnerability disclosure and AI-driven triage. Mike Prevett, founder of Return on Security, market intelligence analyst tracking cybersecurity funding and trends. They discuss how AI can triage and validate vulnerabilities in legacy critical infrastructure. They also cover the current cybersecurity market, funding shifts, AI’s role in tools and teams, and industry-wide changes.

Allie Mellen, author of Code War, a researcher of nation-state cyber operations. Jeremy Snyder, CEO of FireTail, expert in AI governance and observability. They discuss nation-state hacking, attribution challenges, wipers and geopolitical context. They also cover AI shadow IT, API observability, discovery-first visibility, and model risk categories.

Jacob Horne, a defense-contracting cybersecurity evangelist familiar with CMMC and NIST, explains CMMC phase 1 enforcement and verification risks. David Zendzian, VMware Tanzu security lead, breaks down SBOMs and continuous compliance for supply chain security. Anna Pham, Huntress threat hunter and malware reverser, dissects the CrashFix/ClickFix browser-extension attack and its clipboard‑paste trickery.