Guest:

• Dennis Chow, Director of Detection Engineering at UKG

Topics:

• We ended our season talking about the AI apocalypse. In your opinion, are we living in the world that the guests describe in their apocalypse paper?
• Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether?
• Your team has a hybrid agent workflow: could you tell us what that means? Also, define "AI agent" please.
• What are your production use cases for AI and AI agents in your SOC?
• What are your overall SOC metrics and how does the agentic AI part play into that?
• It's one thing to ask a team "hey what did y'all do last week" and get a good report - how are you measuring the agentic parts of your SOC?
• How are you thinking about what comes next once AI is automatically writing good (!) rules for your team out of research blog posts and TI papers?

Resources:

• Video version
• Agentic AI in the SOC: Build vs Buy Lessons
• EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking
• EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
• EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success
• EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
• EP242 The AI SOC: Is This The Automation We've Been Waiting For?
• Google Cloud Skill Boost

Guest:

• Vishwas Manral, CEO at Precize.ai

Topic:

• Why is agent security so different from "just" LLM security?
• Why now? Agents are coming, sure, but they are - to put it mildly - not in wide use. Why create a top 10 list now and not wait for people to make the mistakes?
• It sounds like "agents + IAM" is a disaster waiting to happen. What should be our approach for solving this? Do we have one?
• Which one agentic AI risk keeps you up at night?
• Is there an interesting AI shared responsibility angle here? Agent developer, operator, downstream system operator?
• We are having a lot of experimentation, but sometimes little value from Agents. What are the biggest challenges of secure agentic AI and AI agents adoption in enterprises?

Resources:

• Top 10 threats and mitigation for AI Agents
• Past podcast AI episodes
• Cloud CISO Perspectives: How Google secures AI Agents (and paper)
• Top AI Risks from SAIF
• CoSAI
• From turnkey to custom: Tailor your AI risk governance to help build confidence

Guest:

• Elie Burstein, Distinguished Scientist, Google Deepmind

Topics:

• What is Sec-Gemini, why are we building it?
• How does DeepMind decide when to create something like Sec-Gemini?
• What motivates a decision to focus on something like this vs anything else we might build as a dedicated set of regular Gemini capabilities?
• What is Sec-Gemini good at? How do we know it's good at those things?
• Where and how is it better than a general LLM?
• Are we using Sec-Gemini internally?

Resources:

• Video version
• EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
• EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking
• EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It
• EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side
• Big Sleep, CodeMender blogs