Send us a text

Today's explores the impact of agentic AI on security landscapes, particularly concerning identity management. It begins by defining AI agents as digital workers that independently pursue goals, outlining their components like perception, reasoning, and learning, and their multi-layered infrastructure. The discussion then transitions to the new attack surfaces introduced by AI agents, such as identity spoofing, privilege creep, and prompt injection, highlighting how agents’ dynamic and ephemeral nature poses unique security challenges. I have critically examined the limitations of current human-centric identity solutions like OAuth and SAML in accommodating machine identities, advocating for a machine-first approach in identity security. Finally, the episode details how the industry is evolving to address these shortfalls through zero trust for agents, policy as code, and enhanced auditability, citing examples from major cloud providers and dedicated identity management companies.

LinkedIn Profile: https://www.linkedin.com/in/thecyberman/
Substack: https://thecyberman.substack.com/

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

This episode offers an extensive exploration of AI-driven code generation, known as vibe coding. This episode details how AI tools like Lovable simplify app development for both technical and non-technical users by generating code from natural language prompts. It contrasts this emerging practice with traditional software engineering and the future of AI-native development. The podcast also highlights significant cybersecurity risks associated with AI-generated code, citing reports from Veracode and Backbench that reveal a high percentage of insecure code. Finally, it provides recommendations for secure vibe coding, emphasizing human review and secure prompting techniques, and identifies new skill sets essential for the evolving landscape of AI-powered software creation.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

Today's episiode introduces Model Context Protocol (MCP), an open standard designed to enable Artificial Intelligence (AI) applications, particularly Large Language Models (LLMs), to seamlessly interact with third-party tools and data sources. It explains MCP's architecture, including hosts, clients, servers, and external tools, and highlights its benefits such as eliminating knowledge cut-offs, reducing hallucinations, and enhancing AI's capability to perform real-world actions. The discussion also touches upon the growing adoption of MCP servers by cybersecurity vendors to facilitate natural language interaction with security platforms, while acknowledging the potential security implications of this new architectural layer.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

Today's episode provides a comprehensive overview of a Forest Wave security analytics platform report, acting as a guide for understanding the evolving landscape of security solutions. The discussion centers on evaluating various platforms, including Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) products, based on product features and strategic approaches. It highlights key evaluation parameters like analytics, user behavior analysis, incident management, data handling, and the growing integration of AI. Furthermore, the episode tracks vendor changes and market consolidation, emphasizing the importance of innovation and aligning with leading technologies for security professionals.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

Todays episode vocers a comprehensive overview of Network Detection and Response (NDR) technology, explaining its core function in detecting abnormal and malicious system behaviors by analyzing network traffic data. It outlines key features such as data ingestion, detection, and response, and discusses common use cases including lateral movement and insider threat detection, even extending to Operational Technology (OT) environments. The text also reviews the current market vendors based on a Gartner Magic Quadrant analysis, differentiates NDR from other security technologies like EDR, SIM, and XDR, and explores the integration of AI in enhancing NDR capabilities.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

Today's episode offers a comprehensive overview of Cyber Threat Exposure Management (CTEM), defining it as a proactive framework for continuously evaluating digital and physical asset accessibility, exposure, and exploitability. It clarifies foundational cybersecurity concepts such as vulnerabilities, attack surface, threats, and impact, explaining how their interplay creates exposure. The speaker categorizes various types of exposure, from internet-facing systems to data leakage and phishing susceptibility, emphasizing the expanding attack surface due to interconnected IT infrastructure. Furthermore, the discussion elaborates on exposure management processes and related technologies, including vulnerability scanning, patch management, penetration testing, breach and attack simulation, and external attack surface management, alongside an explanation of how these tools are evolving to support a more unified CTEM approach. Finally, the transcript explores how Artificial Intelligence (AI) is enhancing CTEM through automated discovery, smarter prioritization, intelligent remediation, and enhanced automation.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

Ankur Shah, co-founder and CEO of Straiker, shares his career journey, highlighting his experience in various tech sectors before focusing on the current AI landscape. Together, we discussed the impact of AI on building applications and the resulting *cybersecurity challenges , including AI as a potential threat vector and the unique security needs of the evolving AI supply chain. The conversation also touches on emerging security solutions and offers advice for individuals interested in learning about this rapidly changing field, emphasising practical building and experimentation.
#aisecurity #aicybersecurity

Main Themes and Important Ideas:
- AI as a Transformative Mega-Trend
- AI's Dual Impact on Cyber Security
- Securing AI Systems
- The Unique Security Challenges of AI-Enabled Applications
- New AI Supply Chain
- Developing AI Security Solutions
- Emerging AI Security Categories
- Recommendations for Enterprises and Individuals

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.

Send us a text

#aicybersecurity #aicybersecurity

Today's episode introduces the landscape of securing AI, beginning with how AI is utilized in cybersecurity and the increasing accessibility of AI infrastructure through major cloud providers. It outlines common applications of generative AI and large language models across various industries. The core of the discussion then shifts to the potential threats within the AI infrastructure itself, breaking down vulnerabilities across components like core infrastructure, AI models, data, plugins, and AI agents. The episode details specific attack vectors for each of these areas, emphasizing the expanded attack surface presented by interconnected AI systems. Drawing upon resources like OWASP and vendor documentation, the podcast provides an overview of emerging security concerns in the rapidly evolving field of AI. The episode concludes by outlining the intention to further explore these threats and potential solutions in future discussions with industry experts.

Support the show

Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko

My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channnel : https://www.youtube.com/@TheCybermanShow
Twitter handle https://twitter.com/prashant_cyber

PS: The views are my own and dont reflect any views from my employer.