

Goose and the Agentic AI Foundation with Brad Axen

Published 23 Feb 2026

Duration: 29:53

The development and application of AI tools, such as Goose AI, in software development are explored, highlighting challenges and opportunities in using AI-generated code and the evolving role of developers.

Episode Description

Josh chats with Brad Axen from Block about his creation Goose as well as the Agentic AI Foundation (AAIF). I am quite skeptical of many AI claims, but...

Overview

The podcast discusses the advancement and application of agentic AI tools, particularly focusing on Goose AI, an AI coding assistant developed by Block (formerly Square). This tool enables users to build code and manage tasks through both command-line and graphical user interface methods, reflecting a shift in software development where users can convey their needs in natural language rather than writing code manually. However, achieving reliable results requires precise instructions and iterative refinement, as AI-generated code can have quality issues, especially in open-source projects, highlighting the need for improved code review practices.

The conversation also addresses broader efforts to standardize AI agent interactions, including initiatives like the Agentic AI Foundation, which is working on protocols such as MCP and ACP. Goose AI is presented as an example of these protocols in action. The discussion emphasizes the importance of human oversight in AI-assisted coding and considers the evolving role of developers as AI tools become more integrated into the development process. Looking ahead, the podcast anticipates more intuitive and efficient interfaces for AI-driven software development.

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

Eclipse Foundation's Open VSX, a VS Code extension repository, surged to 600M monthly downloads and evolved to a commercial model with enterprise SLAs and security teams, while addressing scalability, open-source balance, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.
