When “Ship Fast” Meets “Secure by Design” in AI Apps

AI-driven development is moving at breakneck speed—and attackers are taking advantage of the shortcuts. In this episode of Cyber Sentries: AI Insights for Cloud Security, host John Richards sits down with Gaetan Ferry, security researcher at GitGuardian, to unpack how modern AI tooling, MCP servers, and cloud platforms are reshaping the security landscape. The core problem: the same agentic workflows that boost productivity can also multiply identities, credentials, and blast radius if something goes wrong.

After John and Gaetan set the stage, Gaetan walks through a real-world-style vulnerability chain involving smithery.ai, an MCP server registry/hosting platform. It’s a practical look at how “classic” web issues can still show up in brand-new AI ecosystems—and how one small weakness can cascade into bigger supply chain risk. Along the way, they explore why secret sprawl is accelerating, what attackers are hunting for, and why observability is becoming as essential for identities and tokens as it is for infrastructure.

Why MCP Servers, OAuth, and Secret Sprawl Are Colliding

A big theme is the tension between usability and security: teams want agents that can “do everything,” which often means broad permissions and long-lived credentials. Gaetan explains why adopting OAuth is directionally better than static API keys, but still not a silver bullet in a world where agents need delegated access and tokens inevitably “live somewhere.” John pushes on what builders can do now—especially when new frameworks (and new hype cycles) keep resetting hard-won security practices.

The conversation lands on pragmatic guidance: reduce blast radius where you can, inventory identities and secrets, and invest in observability so you can respond fast when—not if—credentials leak. Note: This episode discusses breach scenarios and exploitation chains—be thoughtful about sharing internal security details and incident response specifics.

Questions We Answer in This Episode

• How can a simple web flaw turn into an AI supply chain attack through MCP server hosting?
• Why doesn’t OAuth automatically “solve” agent security and credential risk?
• What does “limiting blast radius” look like when agents need broad permissions to be useful?
• How can observability help you detect and respond to secrets sprawl across AI tools?

Key Takeaways

• Treat MCP servers and agent integrations like critical supply chain dependencies—because they are.
• Prefer short-lived, scoped credentials (OAuth when possible), but plan for token theft scenarios anyway.
• Reduce blast radius with least privilege, separation of duties, and segmented agent access.
• Build identity and secret observability so you can triage and remediate leaks quickly.

The Bottom Line for AI Security Teams in 2026

If you’re experimenting with MCP servers or rolling out agentic workflows, this episode is a timely reminder that fundamentals still win. John and Gaetan make the case that “moving fast” doesn’t have to mean accepting unlimited credential risk—you can ship quickly while still tightening scopes, tracking identities, and watching where secrets spread. Tune in for the real-world examples and the practical mindset shift that helps teams stay productive without becoming the next supply chain headline.

Links & Notes

• GitGuardian
• Connect with Gaetan on LinkedIn
• State of Secrets Sprawl Report 2025
• State of Secrets Sprawl Report 2026 (coming later in March!)
• CyberProof
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:07) - Meet Gaetan Ferry
• (02:19) - Attacks
• (03:17) - Vulnerabilities
• (07:38) - One-Off or Widespread?
• (10:20) - Recommendations to Avoid
• (14:19) - Exploiting
• (16:50) - Resolving
• (23:13) - Path Forward
• (30:53) - Impact
• (34:48) - Year of Supply Chain Attacks
• (35:51) - Wrap Up

The Evolution of Identity Security in the Age of AI

In this episode of Cyber Sentries, John Richards sits down with Jasson Casey, CEO and co-founder of Beyond Identity, to explore the intersection of identity security, AI, and enterprise risk management. As organizations rapidly adopt AI tools and agents, the fundamental challenges of identity security are evolving—requiring both new approaches and a return to core principles.

Identity: The Foundation of Modern Security

Jasson explains how identity has become the root cause of most security incidents, with identity-based failures accounting for 80% of security tickets. The conversation explores how AI is transforming every role in modern organizations, while highlighting the security implications of this rapid adoption.

Key Takeaways:

• Identity security is fundamental to managing AI risk in enterprises
• Traditional security concepts still apply but require new implementation approaches
• Organizations need to track data flow and permissions across AI systems

Looking Ahead

As AI adoption accelerates, organizations must balance innovation with security. Through proper identity management and understanding of data flow, enterprises can prevent most security incidents while embracing the transformative potential of AI technologies.

Links & Notes

• Beyond Identity
• AI Solutions
• Connect with Jasson Casey on LinkedIn
• Connect with Jasson Casey on X
• CyberProof
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:02) - Meet Jasson Casey
• (02:51) - Regrets?
• (08:19) - Friction Point
• (10:28) - Identity
• (17:08) - Adoption
• (22:17) - The Hallmark of Network Security
• (28:10) - Paint Analogy
• (31:17) - Threats
• (34:08) - Visualization Tool
• (35:13) - Their Work in This Space
• (37:05) - Learning More
• (37:36) - Wrap Up

SIEM Speed Without the Sprawl—DataBahn’s Take on Security Data Pipelines

In this Cyber Sentries: AI Insights for Cloud Security episode, host John Richards sits down with Dina Kamal, Chief Revenue Officer at DataBahn, to tackle a familiar cloud security problem: teams can’t get the right data into the SIEM fast enough, and when they do, costs and noise spike. After the introductions, John and Dina dig into why data integration and parsing often consume most of the timeline in SIEM projects—and how a security data pipeline layer can compress onboarding from months to weeks.

They also explore what “doing more with less” looks like in a modern SOC: filtering and routing data based on detection value, preserving what’s needed for compliance, and keeping flexibility for SIEM migrations. Dina’s bigger point is that AI only becomes truly useful when it’s paired with domain expertise and real operational context—otherwise it’s easy to end up with impressive-looking outputs that don’t hold up under investigation pressure.

Questions We Answer in This Episode

• Why do SIEM projects stall on data onboarding, and what speeds it up?
• How can you cut SIEM ingestion costs without weakening detections?
• What does owning your security data change during SIEM migrations?
• Where does AI help most in SOC workflows, and where do guardrails matter?

Key Takeaways

• Data pipelines remove SIEM “plumbing” bottlenecks by automating collection, parsing, and transformation.
• Cost reduction works best when you filter by security value, not just by volume.
• Decoupling data collection from the SIEM reduces lock-in and simplifies vendor changes.
• AI is strongest when guided by security context and experienced practitioners.

The throughline is practical: better detections and faster investigations start upstream with intentional data handling. By treating the SIEM as a high-value analytics destination instead of a dumping ground, teams can regain capacity, reduce noise, and keep options open as tools and vendors change. And when AI is applied to the right parts of the workflow—with clear constraints and real-world context—it can accelerate outcomes without compromising trust.

Links & Notes

• DataBahn
• Connect with Dina Kamal on LinkedIn
• Learn more about Cyberproof
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:02) - Meet Dina Kamal
• (03:14) - Data Pipeline Management
• (05:55) - The Target
• (07:32) - Changing Vendors
• (08:34) - No Storage
• (09:31) - Why People Need It
• (13:09) - Ahead of the Curve
• (19:54) - Capturing the Data
• (23:02) - Useful Data
• (26:02) - More with Less
• (27:03) - Visibility
• (29:40) - When to Start
• (31:04) - Wrap Up