🎙️ Coffee, Chaos and ProdSec, Ep 24

AI security is already happening in production, and most teams are governing systems after they're live, not during design.

So this week, Kurt and Cameron sit down with special guest Tarak, a Co-Founder, Cloud Platform Builder, and Cyber AI Agents Architect, to break down what happens when AI agents ship faster than security policies can keep up. From shadow AI sprawling across consumer tools even when enterprise copilots exist, to provenance gaps that break incident response before it starts, to automation that hides real breaches in a sea of low-confidence alerts, this episode tackles the failure modes most teams are already seeing but haven't named yet.

Your hosts dig into why retrofitting security onto AI systems collapses fast, how build pipelines change when AI shapes code before any control runs, and where human-in-the-loop boundaries actually matter versus where they just slow things down. It's an honest look at where AI genuinely helps Application Security teams and where it creates entirely new chaos, with real stories and zero vendor pitches.

If you work in Product Security, DevSecOps, Application Security, or Software Supply Chain Security, or you just want to hear three security practitioners question reality while AI rewrites the rulebook, this episode is your jam.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec, Ep 23

AI security keeps getting talked about, but incident response, supply chain risk, and people are still treated like someone else’s problem.

So this week, Kurt and Cameron grab their mugs and spend the episode walking through what actually happens when AI systems misbehave, agents start acting outside expectations, and traditional security playbooks stop lining up with reality.

From AI specific incident response that doesn’t fit existing SOC workflows, to Software Supply Chain Security risks hiding in models, vendors, and embedded SaaS features, this episode gets into where things really break once AI is in production.

They also dig into why AI training across teams matters more than most controls, how shadow AI keeps showing up in unexpected places, and why compliance pressure around AI is no longer theoretical as regulations and accountability get real.

If you work in Cybersecurity, Application Security, Product Security, DevSecOps, or you’re trying to prepare your org for AI incidents, audits, and uncomfortable questions, this episode will sound very familiar.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.

🎙️ Coffee, Chaos and ProdSec, Ep 22

AI is already inside your environment, whether you planned for it or not. So this week, Kurt and Cameron grab their mugs and talk through the AI security foundations that tend to break first, long before anyone calls it an incident.

From gaining visibility into shadow AI and hidden agents, to setting up governance that does not drive usage underground, to building inventories that actually keep up with how fast AI changes, this episode digs into where things fall apart in real organizations.

They also get into securing AI usage itself, from agents running with the wrong identities, to data leaking quietly through prompts and responses, to why traditional DLP and SDLC assumptions no longer hold.

Along the way, they connect the dots between Cybersecurity, Application Security, Product Security, DevSecOps, Software Supply Chain Security, and AI, with honest takes, real-world examples, and a few moments of disbelief at how familiar these failures already feel.

If you are responsible for AI risk, or you are about to be, this episode will sound uncomfortably close to home.

☕ New episodes every Wednesday.

Coffee, Chaos and ProdSec -> strong coffee, stronger opinions.