Crying Out Cloud

Igor Andriushchenko joins Crying Out Cloud to explain how vibe coding changes the role of security engineers. The shift from typing lines of code to shaping entire systems means security teams need new strategies. Developers expect their shipping velocity to increase tenfold with AI assistance. Relying on traditional hard deployment blocks will only cause friction. If you want to understand how to build secure guardrails for AI development without destroying developer momentum, this conversation covers the exact mechanics.What's Inside:The evolution of the Stockholm tech scene and human ambition driven by AI.How Lovable empowers non-developers to build disposable and deeply specific software.The concept of "soft guardrails" and why hard blocks fail in AI-assisted workflows.Future capabilities of AI pen testing using hundreds of autonomous agents.The shared responsibility model when business users build internal applications.

Agentic AI is coming. Are defenders ready?Alon Schindel, Director of Data & Threat Research at Wiz, joins Eden and Amitai for the Season 3 Finale. This isn't just a recap. It is a look at how top-tier research teams operate at speed. Alon explains why Wiz treats research as a "product" rather than a support function. He details the "DeepLeak" discovery where his team found thousands of exposed API keys mere hours after a platform's popularity spiked.What's Inside:Agentic AI: Why 2026 will be the year AI starts taking action, not just chatting.Speed as a Weapon: How to shorten the time between a zero-day and a detection.Culture: The power of the "Table" and collaborative chaos.Retrospective: Lessons from IngressNightmare and the year in vulnerabilities.Resources:Read the DeepLeak Research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leakWiz Threat Research Hub: https://www.wiz.io/research

🚨 Vibe coding meets critical data exposure: The Moltbook Hack.On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Gal Nagli to unpack how he compromised the "Facebook for AI Agents" in under an hour ↓How a simple boolean manipulation (valid: false to true) bypassed authenticationCloud Database misconfigurations and the failure of Row Level Security (RLS)How Claude Code was used to identify and exploit the vulnerabilityThe security reality of "Vibe Coding" and zero-manual-code applications

🚨 Everything you need to know about CodeBreach with Yuval AvrahamiOn this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Yuval Avrahami to unpack a major supply-chain flaw that put cloud environments at risk ↓Misconfigured CodeBuild instances used by AWS themselvesOne small regex mistake, huge consequencesHow an SDK used by the AWS Console could have been hijacked (!)The CI/CD controls that can mitigate this risk

🎙️ Shai-Hulud, Shai-Hulud 2.0, are you keeping up?In this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen go deep into real-world cloud security incidents ↓How Shai-Hulud evolved into Shai-Hulud 2.0A vulnerability affecting Apache TikaReact2Shell and its implicationsGogs zero-day explainedYou DONT want to miss this!This is a technical, concrete conversation focused on how attacks actually happen, how they evolve, and what defenders need to understand to keep up.

Join John Miller, Director of Operations at Google Threat Intelligence Group, and Ryan Nolet, AWS’s vulnerability disclosure expert, as they dive into how AI is reshaping the threat landscape. They discuss the swift adoption of AI by attackers, leading to new challenges like AI-generated slop reports. John emphasizes the increasing importance of identity and visibility in security, while Ryan warns about the risks of supply-chain vulnerabilities and code reuse. Together, they outline a proactive approach for cloud defenders in 2025.

Alex Hurtado, a detection engineering leader and researcher, shares her insights on cloud security and threat hunting. She discusses how detection engineering has evolved, emphasizing the superiority of DIY detections over vendor defaults. Alex explores the transformative role of AI in threat hunting, while advocating for the crucial human element in adapting AI responses. She highlights challenges like identity sprawl and encourages community collaboration to enhance detection practices. With personal anecdotes on parallel parking and trekking, Alex adds a humorous touch to her expertise.

🔍 From discovering VS Code supply chain risks → to uncovering Redis Shell vulnerabilities.Eden Naftali and Amitai sat down to unpack: 👇How VS Code extensions became a critical supply chain risk (w/ Rami McCarthy)What RediShell reveals about attacker innovationWhere AI is being weaponized in modern malware🎙️ Listen now to our NEW Crying Out Cloud episode

🚨 The kernel-level security revolution you can't ignore — a must-listen with Liz RiceEden Naftali and Amitai sit down with Liz Rice, Chief Open Source Officer at Isovalent (Cisco), and a global expert in eBPF, containers, and Kubernetes security.🎙️ In this episode:How eBPF is reshaping cloud security from the ground upPractical strategies to tackle open source supply chain attacks (a hot topic given today’s events)A must-listen for anyone building or securing cloud infrastructure in an era of AI coding and supply chain attacks.

🔐 Erik Bloch on his path from military hacker to Illumio security leader.Eden Naftali and Amitai sat down with Erik Bloch & here's what they covered 👇How starting in the military shaped Erik's approach to securityBuilding and scaling cloud detection & response teamsConverting security metrics into actionable business KPIs