CISO Insights: Voices in Cybersecurity

Join us as we explore the hidden dangers of internally deployed AI agents and how a massive, distributed presence could allow them to orchestrate coordinated attacks from within an organization. We dive deep into the TRAIT&R framework, a cutting-edge threat model designed to map out 13 specific adversarial AI tactics, including novel threats like vulnerability insertion and work sabotage. Finally, we break down the Capability-M...

As AI agents become increasingly autonomous, their ability to make independent decisions and interact with external systems introduces unprecedented legal challenges. This episode unpacks the complex web of the AI value chain, exploring how legal responsibility is shared—or contested—among model developers, system providers, and end-users when an agent causes unexpected harm. Tune in as we examine the daunting hurdles o...

This episode breaks down the architecture required to build a fully autonomous, enterprise-grade penetration testing department using multi-agent swarms. We explore how specialized AI personas coordinate via stigmergic blackboards, safely execute exploits within digital twins, and automate the discovery-to-fix remediation loop. Furthermore, the discussion details how to construct a central data layer—or "Obsidian brain"&mdash...

This episode explores the contrasting performance of Large Language Models (LLMs) across different cybersecurity domains, highlighting a fascinating divide in their current capabilities. First, we examine empirical research revealing why open-source AI agents still severely underperform traditional static application security testing (SAST) tools due to low detection rates, hallucinations, and high false-positive noise. Then, we pi...

Current cybersecurity AI systems typically rely on single-agent scaffolds, yet research demonstrates that no individual orchestration layer is optimally suited for every type of threat. By uniting structurally diverse scaffolds through a shared "blackboard" substrate, different agents can exchange intermediate findings and compress each other's reconnaissance phases. This synergistic collaboration mimics human cognitive diversity, ...

In this podcast, we dive into the critical evolution of MLSecOps and how organizations must adapt to defend their dynamic machine learning pipelines against the OWASP ML Top 10 threats, including data poisoning and AI supply chain attacks. We explore actionable insights from DARPA's AI Cyber Challenge, highlighting how autonomous systems like Buttercup use multi-agent architectures and LLMs to revolutionize vulnerability discovery ...

In this episode, we dive into a landmark Delphi study where 272 international experts prioritize the most severe threats posed by artificial intelligence over the next five years, including AI-enabled cyberattacks, dangerous capabilities, and extreme power centralization. We explore the stark "moral hazard" at the heart of the AI ecosystem, revealing how the general public and critical sectors bear the greatest vulnerabilities whil...

As autonomous AI models accelerate the speed of cyber threats, traditional security perimeters are failing, requiring organizations to adopt a Zero Trust architecture specifically designed for agentic systems. This framework adapts core Zero Trust principles to address novel vulnerabilities—such as prompt injection, tool hijacking, and memory poisoning—by enforcing strict identity-based isolation and shifting from tradi...

The 2026 FIFA World Cup presents a massive global stage, but its unmatched visibility is already attracting a complex web of physical, digital, and geopolitical security threats across the US, Mexico, and Canada. In this episode, we break down how host nations are preparing for vastly different physical risks, ranging from transnational organized crime in Mexico to violent extremists targeting fan zones during the US 250th Independ...

In this episode, we dive into Anthropic's dual-release of Claude Fable 5 and Mythos 5, two highly capable AI models built from the exact same architecture but designed for vastly different worlds. We explore how Fable 5 protects the general public with novel cyber and biological fallbacks, alongside invisible safeguards that quietly thwart competing frontier AI development. Finally, we unpack the raw, unrestricted power of Mythos 5...

This podcast explores how the CISO Marketplace streamlines vendor sourcing for security leaders by eliminating repetitive "discovery theater". It dives into how organizations can use ten free total cost of ownership (TCO) and sizing tools to uncover hidden technology costs, such as compounding carrier waste, unbudgeted cloud egress fees, and the true staffing requirements for a 24/7 SOC. Listeners will also learn how leveraging ven...

The June 2026 U.S. executive order establishes a voluntary pre-release review framework and classified NSA benchmarks to govern the advanced cyber capabilities of frontier AI models. While the federal government pushes an innovation-first agenda with no mandatory licensing or pre-clearance, AI developers face a starkly different reality of binding penalties from the EU AI Act and emerging state laws like Illinois SB 315. This episo...

The United States faces an unprecedented range of sophisticated cyber threats, highlighting the urgent need for a dedicated military branch to uniquely organize, train, and equip personnel for the digital domain. This episode explores the CSIS Commission's comprehensive plan for an independent U.S. Cyber Force, detailing its proposed structure of 30,000 personnel, reliance on expert warrant officers rather than an enlisted cadre, a...

Non-human identities now vastly outnumber human users, with recent estimates showing up to an 82-to-1 disparity in enterprise environments. The rapid adoption of autonomous AI agents amplifies this crisis, as these agents utilize compound identities and inherited "invisible browser" sessions to operate at machine speed, easily bypassing traditional security controls. To secure this dynamic attack surface, organizations must abandon...

The Model Context Protocol (MCP) is rapidly becoming the standard for AI-driven automation, yet its rapid adoption has significantly outpaced the development of its security model. This episode explores the inherent design vulnerabilities of MCP, such as unrestricted repository access, tool parameter injection, and remote code execution, which expose organizations to novel and systemic attack vectors. We also dive into practical de...

The 2026 Data Breach Investigations Report reveals a rapidly shifting threat landscape where the exploitation of vulnerabilities has officially overtaken credential abuse as the top initial access vector. Alongside this shift, defenders are battling the explosion of "Shadow AI" data leaks and sophisticated, synchronous "pretexting" attacks that bypass traditional email-centric security training. Despite these advanced AI-driven thr...

In 2026, global organizations face a shifting regulatory landscape defined by the EU's Digital Omnibus package and the proposed SECURE Data Act in the United States. This episode explores how compliance leaders can adapt to delayed EU AI Act deadlines, navigate new data subject rights, and operationalize AI governance using standards like ISO 42001 and NIST. We also dive into the technical realities of continuous SOC 2 monitoring ...

The global landscape of identity is shifting rapidly in 2026, driven by the expanding rollout of mobile driver's licenses (mDLs) in the United States and the looming European Digital Identity (EUDI) Wallet mandate under eIDAS 2.0. This transition towards digital public infrastructure faces unprecedented cybersecurity challenges, primarily fueled by a 900% surge in AI-generated deepfakes and the rise of autonomous AI fraud agents. T...