Cloud Security Podcast

Adam Bateman, security researcher and CEO of Push Security with red‑team roots. He explores browser‑native attacks and why treating IDPs like firewalls is risky. Topics include consent phishing that hijacks Azure, click‑fix clipboard attacks, the shift to identity‑first adversaries, and limits of EDR and SSPM in SaaS/Chromebook environments.

Edward Wu, Founder and CEO of Dropzone AI, builds AI agents that automate SOC triage for cybersecurity teams. He discusses how attackers currently use LLMs for reconnaissance and spear-phishing. He explains why major commercial models restrict exploit generation. He describes AI agents already automating massive volumes of alert investigations and reframes hallucinations as context failures.

Toni (Tony) De La Fuente, creator of the open-source tool Prowler with 25+ years in security, joins to unpack AI infrastructure risks. He explains why AI workloads differ from cloud, the shared responsibility gap in managed AI services, dangers of default MCP setups, and why generated IaC and multi-party AI stacks create new blind spots.

Eduardo Redondo Garcia, Global Head of Cloud Security Architecture at Check Point with decades in security and AI fraud detection. He discusses how natural language becomes an attack vector, prompt injection and runtime defenses, risks from Shadow AI and third-party models, scaling social engineering with GenAI, and tackling deepfakes and biometric bypasses.

Brad Hibbert, COO and Chief Strategy Officer at Brinqa with 20+ years in security, talks about the shift from traditional vulnerability approaches to exposure management. He covers cloud-driven complexity, the difference between service owners and remediation teams, how AI sharpens prioritization, and when automation is safe. Practical steps for starting small and aligning incentives are discussed.

Bryan Woolgar-O'Neil, CTO and co-founder of Harmonic Security, focuses on secure AI adoption and developer-friendly AI governance. He discusses why blocking developer tools fails and why many MCP servers run locally. He explains MCP and Harmonic’s gateway approach, argues for coaching engineers in real time instead of blunt blocking, and predicts small specialized models will win for business tasks.

Antoinette Stevens, Principal Security Engineer at Ramp, brings her expertise in detection engineering to a lively discussion about the role of AI in security operations. She emphasizes the importance of human judgment over AI's limitations, such as hallucinations. Antoinette advocates for an engineering-led approach and warns about the shrinking entry-level job market, pushing for software skills in security roles. The conversation covers the necessity of building robust detection programs while treating AI as a supportive tool, not a replacement. Plus, she shares her personal interests, from wine certification to comedy!

Join Sapna Paul, a Senior Manager at Dayforce with a robust background in cybersecurity and DevSecOps, as she unpacks the complexities of AI vulnerability management. Discover why traditional patching doesn’t apply to neural networks and delve into the three critical layers of AI vulnerabilities. Sapna highlights the importance of aligning AI risks with business goals and shares practical ways to use AI to combat alert fatigue. She also emphasizes mentoring and the essential skills needed for security professionals in an evolving AI landscape.

Matt Castriotta, Field CTO at Rubrik, shares insights on the vital need for cyber resilience over traditional backup strategies. He emphasizes that merely having backups is insufficient; organizations must recover clean, trusted data after attacks. Matt warns against the myths of cloud-native recovery like S3 versioning and elaborates on why identity must be the new perimeter in security. The conversation also covers AI's role in data integrity, offering practical advice on incident response and recovery planning.

Yash Kosaraju, CISO of Sendbird, shares insights from transforming the company from a chat API platform to an AI agent powerhouse. He introduces the concept of 'Multi-Layer Trust' as a more pragmatic approach than the traditional 'Zero Trust.' The discussion spans critical topics like securing AI interactions, the blurred lines of incident response when AI agents operate across boundaries, and the benefits of embedding security directly into development teams. Yash also emphasizes the importance of empowering employees with enterprise AI tools while maintaining a robust security culture.