AI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459

Author: Security Weekly Productions
May 18, 2026
Duration: 1:36:29

Interview with Dimitri Sirota from BigID

Most organizations think AI risk lives in the model – or the identity. It doesn't. It lives in the data. In this episode, BigID's CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework.

This Week's Topic: Cascading Breaches

We're seeing more and more third- and fourth-party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend:

  1. How we can stop the chain of breaches from a third party library, vendor, or service provider
  2. How this might get handled at the legal, contractual, and organizational levels

We discuss two big recent examples:

  1. SonicWall's 2025 breach of their cloud firewall configuration backup service
  2. The compromise of Aqua Security's widely used Trivy open source tool

The Weekly Enterprise News

Finally, in the enterprise security news:

  1. Funding and M&A courtesy of the Security, Funded newsletter
  2. We now have evidence that attackers are leveraging AI (this sounds like old news, but there was little to no evidence behind the earlier claims)
  3. The angry admin problem emerges again
  4. Vulnerability information is getting crazy to keep up with
  5. Breach information is getting crazy to keep up with
  6. You can give your agents an allowance now - don't spend it all in one place
  7. Are vulnerabilities sparse or dense?
  8. Mythos, as a model, isn't all that special
  9. Deploy your own deception sensors!
  10. Japan made something weird. Again.

All that and more, on this episode of Enterprise Security Weekly.

This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them!

Show Notes: https://securityweekly.com/esw-459

