Page de couverture de Absolute AppSec

Absolute AppSec

Absolute AppSec

Auteur(s): Ken Johnson and Seth Law
Écouter gratuitement

À propos de cet audio

 A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Épisodes
  • Episode 311 - Transformation of AppSec, AI Skills, Development Velocity

    Episode 311 - Transformation of AppSec, AI Skills, Development Velocity
    Feb 3 2026
    Ken Johnson and Seth Law examine the profound transformation of the security industry as AI tooling moves from simple generative models to sophisticated agentic architectures. A primary theme is the dramatic surge in development velocity, with some organizations seeing pull request volumes increase by over 800% as developers allow AI agents to operate nearly hands-off. This shift is redefining the role of Application Security practitioners, moving experts from manual tasks like manipulating Burp Suite requests to a validation-centric role where they spot-check complex findings generated by AI in minutes. The hosts characterize older security tools as "primitive" compared to modern AI analysis, which can now identify human-level flaws like complex authorization bypasses. A major technical highlight is the introduction of agent "skills"—markdown files containing instructions that empower coding assistants—and the associated emergence of new supply chain risks. They specifically reference research on malicious skills designed to exfiltrate crypto wallets and SSH credentials, warning that registries for these skills lack adequate security responses. To manage the inherent "reasoning drift" of AI, the hosts argue that test-driven development has become a critical safety requirement. Ultimately, they warn that the industry has already shifted fundamentally, and security professionals must lean into these new technologies immediately to avoid becoming obsolete in a day-to-day evolving landscape.
    Voir plus Voir moins
    Moins d'une minute
  • Episode 310 - w/ Mohan Kumar and Naveen K Mahavisnu - AI Agent Security

    Episode 310 - w/ Mohan Kumar and Naveen K Mahavisnu - AI Agent Security
    Jan 27 2026
    In this episode of Absolute AppSec, hosts Ken Johnson and Seth Law interview Mohan Kumar and Naveen K Mahavisnu, the practitioner-founders of Aira Security, to explore the critical challenges of securing autonomous AI agents in 2026. The conversation centers on the industry's shift toward "agentic workflows," where AI is delegated complex tasks that require monitoring not just for access control, but for the underlying "intent" of the agent's actions. The founders explain that agents can experience "reasoning drift," taking dangerous or unintended shortcuts to complete missions, which necessitates advanced guardrails like "trajectory analysis" and human-in-the-loop interventions to ensure safety and data integrity. A significant portion of the episode is dedicated to the security of the Model Context Protocol (MCP), highlighting how these integration servers can be vulnerable to "shadowing attacks" and indirect prompt injections—exemplified by a real-world case where private code was exfiltrated via a public GitHub pull request. To address these gaps, the guests introduce their open-source tool, MCP Checkpoint, which allows developers to baseline their agentic configurations and detect malicious changes in third-party tooling. Throughout the discussion, the group emphasizes that as AI moves into production, security must evolve into a proactive enablement layer that understands the probabilistic and unpredictable nature of LLM reasoning.
    Voir plus Voir moins
    Moins d'une minute
  • Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance

    Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance
    Jan 20 2026
    In this episode of Absolute AppSec, Nathan Hunstad, Director of Security at Vanta, discusses the intersection of security policy, governance, and technical defense. Drawing on his unique background in political science and the Minnesota state legislature, Hunstad argues that policy acts as the essential "conductor" for an organization's security tools. A major theme of the conversation is the challenge of compliance for startups, with the group advising founders to prioritize business survival and basic security hygiene—like password managers and IAM—before pursuing intensive certifications like SOC 2. The discussion also explores how AI is accelerating both development velocity and the ability to automate tedious security questionnaires. Furthermore, Hunstad contrasts the security posture of modern, cloud-native startups against legacy enterprises, noting that older organizations often struggle with "dark corners" of un-inventoried, vulnerable legacy tech. The episode concludes with a critique of outdated authentication standards, specifically advocating for the removal of mandatory password rotation in favor of NIST-aligned, phishing-resistant MFA.
    Voir plus Voir moins
    Moins d'une minute
Pas encore de commentaire