

Soap Box: Where does AI fit into cloud security?

Published 15 May 2026

Duration: 00:33:38

Open-source cloud security tools like Prowler evolve through community contributions and AI integration, balancing automated security checks with deterministic controls amid challenges like dynamic APIs, enterprise adoption tensions, and the resurgence of foundational security measures in hybrid cloud environments.

Episode Description

In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started of...

Overview

The podcast discusses the development and evolution of Prowler, an open-source cloud security tool initially created for AWS audits and expanded to support major cloud providers. It highlights the growing role of AI in open-source projects, noting that significant contributions to Prowler now come from AI-generated code, which requires rigorous testing and community oversight to maintain reliability. While AI enhances contextual analysis, deterministic tools remain essential for actionable insights, especially in cloud security workflows where precision is critical. The conversation also addresses challenges in cloud environments, such as frequent API changes and the limitations of relying solely on large language models for complex tasks like configuration analysis. Tools like Prowler integrate with AI agents to provide structured outputs, enabling automation of detection and remediation processes, while emphasizing the need for a balance between AI-driven efficiency and traditional security mechanisms.

Enterprise adoption of open-source tools like Prowler raises concerns about proprietary feature development and competition, though the value of established solutions persists due to the complexity of maintaining custom code. The discussion explores broader trends in SaaS and cloud security, questioning narratives about the decline of SaaS models and highlighting the enduring importance of vendor expertise in software maintenance and updates. Agentic systems, such as Prowler's integration with AI-driven IDEs and remediation workflows, are positioned as critical for addressing multi-cloud and SaaS security challenges through deterministic logic and human oversight. Traditional security controls are also resurging in relevance as foundational layers, complementing AI-enhanced tools in combating evolving threats. The conversation underscores the importance of operational resilience, integration with hybrid cloud environments, and the coexistence of AI innovation with time-tested security practices.

Recent Episodes of Risky Business

13 May 2026 Risky Business #837 -- GitHub Actions footgun claims TanStack

Recommended: Security. Security. Security.

Summary: Cybersecurity risks from misconfigured GitHub Actions, AI-driven threats like autonomous malware, DNSSEC failures, ransomware attacks on education sectors, and challenges in AI model governance and supply chain vulnerabilities are explored, alongside discussions on regulatory responses and infrastructure resilience.

15 Apr 2026 Risky Business #833 -- The Great Mythos Freakout of 2026

Recommended: Discussion of the recent Anthropic Mythos model impact.

Summary: Anthropic Mythos AI's impact on cybersecurity, balancing its potential to accelerate vulnerability detection with debates over human expertise, polarized views on practical impact versus existential risks, and the persistence of foundational security practices amid new AI-driven challenges like patch reversal and IoT vulnerabilities.
