In this episode of Chasing Entropy, I sit down with Heidi Potter, longtime organizer of ShmooCon and now CEO of Turngate, for a heartfelt conversation about community, chaos, and legacy in cybersecurity.

From ShmooCon to What’s Next

For 20 years, Heidi helped shape ShmooCon into one of the most influential community-driven conferences in the industry. She reflects on the decision to sunset the event, sharing stories of the unexpected impact it had: first talks that launched careers, lifelong friendships, even marriages that began at the con. What started as a grassroots gathering became a cornerstone of hacker culture, thanks to her team’s dedication and her philosophy of “happy staff, happy event.”

Lessons in Transparency and Leadership

Heidi shares how ShmooCon embraced radical transparency through its Own the Con sessions—revealing the financial realities, challenges, and choices behind running a conference. She explains why building the right team and treating the venue itself as part of that team are essential to success. Her guiding principle of “lead with kindness” underscores both her event leadership style and her approach to life.

Stories, Chaos, and Community Magic

From snowstorms that stranded attendees for days, to the legendary “Shmoo Bus,” to the serendipity of LobbyCon, Heidi and Dave trade stories that highlight the humor, chaos, and magic that defined the event. For Heidi, coordinating chaos isn’t just a skill, it’s a way of finding order, meaning, and connection in unpredictable moments.

Looking Forward

While ShmooCon has closed its doors, Heidi isn’t done building community. She’s already laying the groundwork for new events under her Moose Meat initiative, with plans to create smaller, more flexible gatherings in the future. Above all, her focus remains on giving back to the community and leading with kindness.

Listen now to hear Heidi’s reflections on two decades of ShmooCon, her insights on building inclusive communities, and why the stories we create together matter just as much as the code we write.

In this episode of Chasing Entropy Podcast, I spoke with Paul Klein about the emerging “agentic web”, where AI agents perform real-world digital tasks on our behalf. Paul shares how Browserbase builds secure infrastructure for these agents to interact with websites safely, and how new integrations with 1Password’s Agentic Autofill enable secure, human-approved credential use without exposing secrets to AI models.

Together, they explore how this evolution of automation can make the web more useful, while keeping it secure, observable, and aligned with human intent.

Key takeaways

1. The rise of the “agentic web”

• The internet still runs on legacy systems with no APIs—think DMV forms and government portals.
• Browserbase enables AI agents to safely automate tasks on these sites using headless browsers (full browsers without a GUI).
• These agents can perform structured, repetitive workflows—like procurement, compliance checks, or data lookups—without human micromanagement.

2. Automation that works like an intern

• AI isn’t magic, it needs structure.
• Klein compares AI agents to interns: they’re capable but need clear instructions, context, and defined steps.
• Repetitive “SOP-style” tasks are ideal; vague one-line prompts aren’t.

3. Stagehand & Director: Building automation for everyone

• Stagehand (open-source) allows natural-language automation using “fuzzy selectors” like “click the login button”, instead of brittle scripts.
• Director lets anyone prompt AI to build web workflows, see the generated code in real time, and reuse it in production environments.

4. Guardrails: Observability before autonomy

• Browserbase includes live session replay—you can literally watch what your AI agent is doing in a headless browser.
• Observability ensures safety and accountability; cached workflows reduce dependency on LLMs over time.
• Governance best practice: treat AI tool use as remote code execution—sandbox it, restrict tool access, and monitor every action.

5. Secure authentication for agents

• 1Password Agentic Autofill now works in Director, allowing agents to securely log in with stored credentials.
• The human stays in the loop: every login request is approved (or denied) in real time.
• Passwords are never shared with the model, 1Password fills them directly into the browser.

The pragmatic future of AI automation

Paul sees agentic browsing not as a replacement for humans, but as a relief valve for digital drudgery. AI can handle the tedious work, checking orders, renewing passports, filling government forms, so humans can focus on creative and strategic thinking.

For CISOs and security leaders

Paul’s advice:

• Treat AI agents like RCE: Lock down execution environments, sandbox them, and validate every dependency.
• Constrain tool access: Only approved connectors or MCPs should be callable.
• Start with observability: Log every action and enable real-time oversight before allowing automation to run at scale.

Memorable quote

Listen to this episode of Chasing Entropy wherever you get your podcasts, no hype, no FUD, just the humans behind the next wave of cybersecurity and AI automation.

Also on YouTube: https://www.youtube.com/watch?v=o4tgJz_4WcM

In this episode of Chasing Entropy, I sit down with Dhillon Kannabhiran, the founder of the long-running Hack in the Box (HITB) Security Conference, to explore the origins, evolution, and impact of one of the world’s most influential hacker gatherings.

From Kuala Lumpur to Global Stages

Dhillon shares the unlikely beginnings of HITB in Malaysia, started as a scrappy, accessible alternative to high-cost events like Black Hat. Against all odds, and skepticism that “nobody would come to Malaysia”, HITB attracted global speakers and quickly became a fixture in Asia, the Middle East, and Europe. Along the way came wild stories of last-minute chaos, cultural exchanges, and the conference’s deliberate focus on building community through face-to-face connections.

Curating Talks and Building Community

The conversation dives into how talks are chosen, balancing technical depth with accessibility, and ensuring new voices get a platform. Dhillon emphasizes that HITB isn’t just about the talks you can rewatch later, it’s about hallway conversations, TCP/IP networking sessions, and serendipitous encounters that spark startups, collaborations, and lifelong friendships.

Security Lessons (and Non-Lessons)

Looking back at two decades of research presented at HITB, Dhillon is candid: many of the same problems persist, only shifted into new technologies. From classic exploits to today’s “vibe coding” and AI-assisted development, human error and misunderstanding remain the root causes of vulnerabilities. Still, this constant reinvention ensures hackers, and defenders, will never run out of work.

AI, Translation, and the Future of Conferences

The discussion expands to how AI is reshaping both hacking and events. From bug-hunting orchestration with AI agents to real-time language translation devices, the tools are changing fast. Dhillon warns of risks like AI-generated deepfakes but also highlights opportunities for accessibility, inclusivity, and global collaboration.

Words to Hack By

Dhillon closes with advice for hackers and builders alike: “Try stuff out. Don’t hold back. Don’t think there’s going to be a tomorrow. Do whatever you can today. Keep hacking, bro.”