AI is reshaping how software is built. But is it reshaping how it’s secured?

In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing.

We cover:

• The reality of AI in modern development pipelines
• The current maturity of AI-powered pentesting
• How buyer expectations are shifting
• Whether pentesting is evolving or simply being rebranded

For CISOs, Heads of AppSec, and security leaders trying to make sense of the noise, this is the grounded perspective you need.

Agentic AI is the latest shift in application security, but how much of it is delivering real results?

In this episode, we break down:

- What “agentic” really means in AppSec

- Where agentic workflows are genuinely adding value

- The limits of automation, and where human expertise still leads

- How enterprises are adopting it without overcommitting

If you’re trying to separate practical capability from future promise in AI-driven security, this one’s for you!

Is AI Pentesting Just DAST in Disguise? 🤖💥

Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST?

In this episode, we dig into:

- What AI tools really test (and what they miss)

- Why they sometimes look better than they are

- Hallucinations, pricing, and trust

- How they compare to micro pen tests and manual reviews

If you’re trying to make sense of AI in security testing, this one’s for you.

In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world?

Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value.

But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB could look like, and whether change governance can finally move at the speed of development.

In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.

In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human?

We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you.

👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool

In Episode 6, Season 2, we unpack the explosive growth of AI and ask the critical question: could AI ever replace human pentesters?

Subscribe to keep up to date with all new episodes, released every 2 weeks!

In Episode 5, Season 2, we dive into vulnerabilities and their detection methods, from automated scanners to human-led pen testing.

Plus, we put our skills to the test in Hack it or Track it, where we break down real vulnerabilities, discussing how we’d exploit them and how we’d detect them before attackers do.

Subscribe to keep up to date with all new episodes, released every 2 weeks!