Security Weekly Podcast Network @SecWeekly

Identity security has a new bottleneck. And it’s not authentication. Authorization is now the hardest problem in modern systems. Connectivity and authentication have largely been commoditized. But deciding what an identity—or an AI agent—should access is still unsolved. It gets even harder when agents act on behalf of users or other agents, requiring real-time decisions with full context. So how do you safely authorize something that keeps changing in real time? Now booking interviews at Black Hat 2026. Early access pricing is open. Message us for details! #IdentitySecurity #Cybersecurity #AIAgents

AI isn’t just helping defenders. According to this clip, it’s rapidly increasing the effectiveness of low-level and mid-tier cyber attackers too. Tasks that once required deep expertise are becoming faster, cheaper, and easier to scale. The result? Security teams may need to rethink response times, staffing, and overall defense posture much sooner than expected. Are organizations underestimating how quickly AI changes the threat landscape? #Cybersecurity #AI #InfoSec

No links. No attachments. No mistakes required. This clip explains how Pegasus spyware uses “zero-click” exploits to compromise phones silently — giving attackers access to messages, calls, cameras, microphones, and location data. It also breaks down why these vulnerabilities can be worth millions on the private market. Would you report a bug for thousands if someone else would pay millions?

Career mistakes aren’t always failures. In this clip, Ankita Gupta explains why she’d tell her younger self to take bigger risks earlier, work on harder problems, and actively create opportunities instead of waiting for luck to happen. Can ambition and timing actually create “luck”? #Careers #Leadership #Startups

Executive leadership rewards confidence — but too much confidence looks narcissistic. This conversation breaks down the balancing act leaders face in the C-suite, where appearing too vulnerable can hurt credibility, but projecting too much certainty can backfire too. The discussion also touches on how platforms like Medium shape the way leadership advice gets written and consumed online. How much vulnerability should executives actually show? #Leadership #CISO #Business

Companies rushed into SaaS before governance caught up. AI may be repeating the same mistake. This clip explains why organizations need to decide which AI tools are officially authorized — and block the rest. The discussion covers shadow AI, enterprise-grade controls, data residency risks, and why not every AI platform belongs inside a corporate environment. How many AI tools are already touching sensitive company data without approval? #AI #Cybersecurity #DataSecurity

AI tools trained users to expect unlimited access for free. Now infrastructure costs, investors, and IPO pressure are changing the equation. This clip breaks down why relying too heavily on “free” AI products could become expensive very quickly — especially for businesses building workflows around them. What happens when AI companies finally have to monetize at scale? #AI #Cybersecurity #TechNews

Some of the world’s highest-profile accounts reportedly didn’t have MFA enabled. The reason may not have been ignorance — it may have been workflow friction. In this clip, the speakers explain how shared social media accounts, marketing teams, and awkward login processes push people toward insecure behavior. The bigger problem might be product design, not just user mistakes. How much insecure behavior is actually caused by bad security UX? #CyberSecurity #MFA #SecurityUX

AI can scan for problems. But security teams still need feedback from humans. In this clip, the speaker explains why senior pentesters provide value even when they find nothing exploitable. The real insight is understanding what defenses worked, what attack paths were tested, and why the system held up. That kind of active feedback is hard to automate. What happens when security testing becomes “no findings” with no explanation? #CyberSecurity #AI #PenTesting

Every system action is now an API call. And authorization decides who gets in. Identity security is shifting. From SSH access to cloud buckets to AI tool calls, everything runs through APIs. That means every request must be governed and scoped carefully. The real change is subtle but critical: authorization is becoming the true control point in modern infrastructure. If everything is an API, what breaks when authorization fails? Now booking interviews at Black Hat 2026. Early access pricing is open. Message us for details! #Cybersecurity #API #IdentitySecurity

Security teams usually work best from the ground up. But AI adoption is often happening from the top down. Large budgets get approved first, and practitioners are expected to “figure out how to use it” afterward. The clip compares it to forcing your family to eat a meal subscription box just because you already paid for it. The result can be tools, detections, and workflows driven more by headlines than operational need. How often does security strategy start with executive pressure instead of practitioner feedback? #CyberSecurity #AI #SecurityOperations

SIEM correlation was supposed to solve alert overload. Years later, most teams still struggle with it. Every organization has different tools, different telemetry, and different rules. That makes reliable correlation incredibly difficult — and noisy detections pile up fast. A lot of security teams keep waiting for correlation logic to clean things up later. In many environments, that moment never comes. Is SIEM correlation fundamentally too complex to scale cleanly? #CyberSecurity #SIEM #SOC

The biggest security risk isn't always a hacker. Sometimes it's a privileged account that's always available. In this clip, the speaker explains why enterprise admin and root-level access should be temporary, controlled, and fully auditable—not permanently assigned. How many privileged accounts in your environment have more access than they actually need? Now booking interviews at Black Hat 2026. Early access pricing is open. Message us for details! #CyberSecurity #ZeroTrust #IdentitySecurity

Tokenized banking doesn’t necessarily mean cryptocurrency. And that distinction matters. In this clip, the idea gets broken down using a simple analogy: the blockchain holds a “pointer” to deposits, while the actual money stays inside the traditional banking system. The goal? Banks get faster blockchain-style rails without giving up control of deposits. Is this the future of banking infrastructure — or just traditional finance wrapped in new technology? #Blockchain #Banking #FinTech

Cisco SD-WAN has already seen seven vulnerabilities exploited this year. And the latest one allows root command execution. The catch? Attackers need authenticated access first — but the clip immediately points out how realistic credential compromise already is in modern environments. Then comes the bigger problem: edge devices frequently stay unpatched for long periods of time. At what point do recurring edge-device vulnerabilities become an operational crisis instead of isolated incidents? #Cisco #CyberSecurity #ZeroDay

When does vulnerability research cross the line into enabling attacks? Microsoft argues that publishing exploit code before patches are available can directly help threat actors and harm customers. The discussion highlights the growing tension between responsible disclosure, public research, and real-world exploitation risks. Should researchers prioritize openness—or protection from immediate abuse? #Cybersecurity #VulnerabilityDisclosure #Infosec

“Sanctions don’t kill demand—they redirect investment.” The hosts discuss how export restrictions on advanced chips may have unintentionally accelerated domestic semiconductor development efforts in China. Instead of stopping progress entirely, the controls may have pushed investment into building competing infrastructure and supply chains. What happens when technology restrictions create stronger competitors instead of weaker ones? #Cybersecurity #Semiconductors #AI

AI agents, service accounts, and machine identities are multiplying fast. The concern isn't just scale—it's control. If non-human identities eventually outnumber employees by 100 to 1, every new identity becomes another potential security risk. How do you secure identities that appear, access systems, and disappear? Now booking interviews at Black Hat 2026. Early access pricing is open. Message us for details! #CyberSecurity #AI #IdentitySecurity

A firewall doesn’t stop risk from existing. It mainly changes what happens after something goes wrong. The “Peltzman effect” explains why security controls can create a false sense of safety. A tightrope walker is still just as likely to fall whether there’s a safety net or not — the difference is the outcome after the fall. Cybersecurity works the same way more often than people realize. Are security teams confusing reduced impact with reduced risk? #Cybersecurity #RiskManagement #Infosec

Can founders ever truly disconnect from their companies? In this clip, Ankita Gupta compares building a company to raising a child — arguing that “founder mode” never really turns off for people deeply invested in what they’re building. Is constant attachment required to build something meaningful? #Startups #FounderMode #Leadership