
OWASP Top 10, Vibe Coding, and What Developers Miss w/ Tanya Janca

Published 22 Apr 2026

Duration: 00:38:13

Gaps in cybersecurity education, persistent vulnerabilities like SQL injection, OWASP data limitations, evolving supply chain risks, high training costs, AI's contextual challenges, and the need for secure-by-design principles and collaboration highlight systemic challenges in addressing evolving cyber threats.

Episode Description

Tanya Janca joins the podcast for a sharp, no-nonsense conversation on the OWASP Top 10, why secure coding still gets skipped, and how AI is reshaping...

Overview

The podcast explores critical challenges in cybersecurity education and practice, emphasizing a lack of formal training in concepts like access control, which leaves developers unprepared for real-world threats. Despite collaborative efforts like the OWASP Top 10 project (which identifies the top web application risks), gaps in breach reporting and persistent issues such as broken access control highlight ongoing struggles to address foundational security principles. Industry-wide, repetitive vulnerabilities like SQL injection and other injection flaws persist due to inadequate education, outdated tools, and a developer focus on feature-building over early security integration. Efforts to democratize training, such as community programs and open resources, aim to overcome cost barriers and improve awareness, though challenges remain in making security education accessible and effective.

AI's emerging role in security is both promising and complex. While AI can reduce vulnerabilities in code generation and prompt secure practices, its effectiveness is limited by contextual understanding and reliance on human review. Persistent debates around supply chain vulnerabilities underscore the need for systemic solutions beyond third-party dependencies, especially in high-stakes areas like medical devices, where low-level languages introduce memory safety risks. Behavioral economics and nudges (such as default settings and choice architecture) are proposed to encourage secure coding without coercion. Additionally, the discussion emphasizes shifting from reactive security tools to proactive "security by design," layered defenses, and fostering collaboration between developers and security teams through community engagement and shared knowledge.

The evolving landscape also raises questions about the future of security roles amid AI advancements. While automation may streamline tasks like penetration testing, it risks displacing entry-level positions, pushing the field toward specialized expertise in creative problem-solving and ethical oversight. Persistent challenges include balancing automation with human judgment, ensuring AI-driven tools maintain accuracy, and addressing systemic gaps in risk prioritization and training quality. The conversation culminates in calls for integrated security practices, pragmatic risk management, and the reimagining of security education to meet the demands of an AI-driven era while preserving the critical role of human insight and accountability.

Recent Episodes of The Secure Disclosure

28 May 2026 Prompt Injection Might Never Be Solved w/ Paul Vann

The text details AI security threats like prompt injection, jailbreak attacks, and distillation attacks, along with vulnerabilities such as AI bias and autonomous agent risks, highlighting detection challenges, emerging malware, supply chain exploits, and the industry's struggle to keep pace with rapidly evolving AI technologies.

22 May 2026 AI Broke the Security Ecosystem w/ Chris Hughes

Evolving cybersecurity challenges include supply chain threats, AI vulnerabilities, and outdated tools, highlighting the need for systemic reforms like developer incentives, regulatory clarity, and industry-government collaboration to address gaps in vulnerability management and the dual risks of AI's role in both threat detection and exploitation.

15 May 2026 PostHog is placing a wild bet on AI Coding w/ James Hawkins

PostHog's open-source analytics platform prioritizes transparency, developer autonomy, and AI integration while critiquing corporate norms, emphasizing price clarity, building in public, and balancing automation with security governance in product development.

6 May 2026 AI Panic is Driving Shadow IT w/ Noora Ahmed-Moshe

AI's impact on employment and cybersecurity risks, driven by shadow AI, phishing, and emerging threats like prompt injection, require balancing workforce skills, security measures, and organizational trust.

29 Apr 2026 When AI Agents Change their Intent w/ Frank Vukovits

AI agents, autonomous non-human entities operating in enterprise systems without human oversight, pose security and governance challenges requiring updated access control frameworks, real-time monitoring, and intent-based governance to address risks like unauthorized access and shadow AI, paralleling historical tech challenges like Y2K.