More The Secure Disclosure episodes

Bugcrowd Founder Casey Ellis: AI Slop, and the Future of Hacking

Published 2 Apr 2026

Duration: 00:35:05

Ethical hacking evolved from underground communities to enterprise-driven security frameworks, addressing stigma and legacy systems, AI's dual role in threat detection and synthetic risks, and the need for secure-by-design practices, hybrid human-AI strategies, and managing supply chain vulnerabilities amid evolving cyber threats.

Episode Description

Casey Ellis, founder of Bugcrowd, joins the show to talk about the evolution of bug bounty, how hackers went from outsiders to strategic assets, and w...

Overview

The text explores the evolution of ethical hacking and its integration into enterprise security, tracing Casey's journey from an early interest in hacking during the digital transition of the 1980s to founding Bug Boundary (originally Bugcrowd) in 2012. This platform aimed to bridge the gap between ethical hackers and organizations by legitimizing their role in addressing vulnerabilities, moving away from the stigma of labeling them as criminals. Challenges discussed include the limitations of traditional security models, such as outdated payment structures for penetration testing and the lack of centralized scaling for early bug bounty programs. The text emphasizes how Bug Boundary accelerated the adoption of crowdsourced security testing, positioning ethical hacking as a strategic enterprise solution.

A significant focus is placed on AI's transformative impact on cybersecurity, both as a threat and a tool. AI amplifies existing vulnerabilities by accelerating exploitation and report generation, compressing the OODA loop (observe, orient, decide, act) to a point where human response is insufficient. This has introduced challenges like AI-generated synthetic reports, which blur the line between genuine and fake threats, straining automated triage systems. The text also examines the scalability issues in bug bounty programs, including managing floods of vulnerability submissions, differentiating valid reports from noise, and balancing public vs. private program risks. Proposed solutions include leveraging AI for triage, improving community-driven accountability, and refining incentive structures to prioritize high-value, hard-to-find bugs over low-effort or AI-generated ones.

The discussion extends to future trends in cybersecurity, such as the unresolved risks of supply chain vulnerabilities, the evolving role of AI in coding and security (as a "force multiplier" for human engineers), and the persistent human factors in security, like error-prone behavior and over-permissioning. The text highlights the need for organizations to adopt mature vulnerability management practices, secure-by-design systems, and adaptive strategies to address emerging threats, including quantum computing and AI-driven robotics. Ultimately, it underscores the hybrid necessity of combining AI automation with human creativity to navigate the complex, ever-evolving landscape of cybersecurity, while ensuring ethical and effective community engagement.

Recent Episodes of The Secure Disclosure

22 May 2026 AI Broke the Security Ecosystem w/ Chris Hughes

Evolving cybersecurity challenges include supply chain threats, AI vulnerabilities, and outdated tools, highlighting the need for systemic reforms like developer incentives, regulatory clarity, and industry-government collaboration to address gaps in vulnerability management and the dual risks of AI's role in both threat detection and exploitation.

15 May 2026 PostHog is placing a wild bet on AI Coding w/ James Hawkins

Recommended: Should you go open source?

PostHog's open-source analytics platform prioritizes transparency, developer autonomy, and AI integration while critiquing corporate norms, emphasizing price clarity, building in public, and balancing automation with security governance in product development.

6 May 2026 AI Panic is Driving Shadow IT w/ Noora Ahmed-Moshe

AI's impact on employment and cybersecurity risks, driven by shadow AI, phishing, and emerging threats like prompt injection, require balancing workforce skills, security measures, and organizational trust.

29 Apr 2026 When AI Agents Change their Intent w/ Frank Vukovits

AI agents, autonomous non-human entities operating in enterprise systems without human oversight, pose security and governance challenges requiring updated access control frameworks, real-time monitoring, and intent-based governance to address risks like unauthorized access and shadow AI, paralleling historical tech challenges like Y2K.

22 Apr 2026 OWASP Top 10, Vibe Coding, and What Developers Miss w/ Tanya Janca

Gaps in cybersecurity education, persistent vulnerabilities like SQL injection, OWASP data limitations, evolving supply chain risks, high training costs, AI's contextual challenges, and the need for secure-by-design principles and collaboration highlight systemic challenges in addressing evolving cyber threats.
