For twenty years the security playbook started in the same place, find a vulnerability, prioritize it, and patch it. Doug Merritt, CEO of Aviatrix and former CEO of Splunk, thinks that playbook is quietly breaking, and his explanation has nothing to do with anyone being careless. The economics of offense changed underneath us, and most security programs are still funded as if they did not.

Why this conversation matters

Doug has sat in two seats that give this argument weight. At Splunk he evangelized detect and respond, and now at Aviatrix he is arguing that detect and respond, while still important, is no longer enough on its own. That is not a vendor pivot so much as an honest reading of the incentives, and it lands differently coming from someone who built a business on the previous era. If you are a practitioner watching AI rewrite the attacker's cost curve, or a leader trying to defend a prevention-heavy budget to a board, this conversation reframes where the money should actually go.

Key takeaways

• Offense became a compute problem, and that is permanent. Finding and exploiting a vulnerability is a search task, and the cost per token has been deflating faster than Moore's Law. That is why this is a structural shift rather than a few headline demos, and why throwing compute at offense keeps getting cheaper and faster.
• Patching has a ceiling that offense does not. Every patch carries the risk of breaking something, so testing, deployment, and organizational friction cap how fast defenders can move. When vulnerability discovery scales freely and patching cannot, "find more and patch faster" turns into a race you are structurally set up to lose.
• The interesting question is not how they got in, it is where they went. Attackers increasingly arrive with valid credentials and move through the trust graph that runs across cloud services and CI/CD pipelines, including malware injected into trusted repositories. Once they look legitimate inside the environment, lateral movement and egress are where the real damage happens.
• Cloud rewarded velocity, and security paid the bill. Cloud providers made identity default-deny because someone has to own and pay for a workload, but they left networking wide open because their economic engine is developer velocity and security reads as friction. New agentic frameworks inherit that same wide-open default, connected to the internet with little oversight.
• A strong identity stance is necessary and not sufficient. Identity answers whether someone is allowed to act, not whether the action is an attack, which is why attackers log in rather than hack in. Human, agent, and workload identities are genuinely different, and workload identity in particular has been underserved.
• Containment is about blast radius, not about keeping everyone out. The mindset shift is to accept that breaches will occur and to govern every path a workload can take, so an incident stays local and recoverable. Done well, containment holds firm whether or not anyone has detected the attack yet.
• Blast radius has to become a boardroom metric. Doug's argument is that CISOs, CIOs, CEOs, and boards should be able to answer how reachable anything is from anything else, and treat that number as something to drive down deliberately rather than discover after an incident.
• AI is the reason containment is finally workable. The historic blocker to micro-segmentation was cognitive load across tens or hundreds of thousands of workloads. AI is strong at synthesis and pattern matching, which makes a staged path of observe, discover, monitor, and then enforce realistic, ideally starting with the internet-exposed workloads that have no filtering at all.

In this episode of Resilient Cyber, I sit down with Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, to unpack what application security looks like as AI moves from copilot to autonomous teammate across the software development lifecycle.

We dive into:

🤖 AI's accelerating impact on AppSec and the SDLC – and the productivity-versus-risk equation now that agentic coding tools are shipping code at machine speed

💥 The "Vulnpocalypse" – the explosion of CVEs, AI-generated code, and the widening gap between vulnerability discovery and remediation capacity

🛠️ Whether legacy AppSec categories like SAST, DAST, SCA, and ASPM can keep pace – or are being fundamentally reinvented for an agentic world

🎯 The rise of autonomous pen testing and offensive security agents (XBOW, Project Naptime, Project VAIL) and what it means when offense scales faster than defense

🔗 How agentic development is reshaping software supply chain risk – from hallucinated packages to MCP server integrity and the provenance of code no human ever wrote

🏛️ Governance models for AI-generated code, the evolving AppSec team of the future, and what CISOs should be prioritizing right now

📈 Katie's predictions for where AppSec, software supply chain security, and the SDLC are heading over the next 18-24 months

Whether you're an AppSec practitioner, security leader, developer, or just trying to make sense of how AI is reshaping software security – this conversation is packed with insights you won't want to miss.

🔔 Subscribe for more conversations on cybersecurity, AI security, and the future of resilient software.

#Cybersecurity #AppSec #AISecurity #DevSecOps #AgenticAI #SoftwareSupplyChain #ResilientCyber

In this episode, we sat down with Richa Gual, CEO of Complyance, the AI-first enterprise GRC platform that recently raised a $20M Series A led by GV (Google Ventures), to dig into how legacy GRC is finally being disrupted and what role AI agents play in that transformation.

We discussed why GRC has lived in the dark ages for so long, stuck in static documents, snapshot-in-time assessments, system sampling, and self-attestations while the rest of IT moved to cloud, APIs, and automation. We unpacked the credibility crisis caused by commoditized compliance and rubber-stamp audits, the limits of the first wave of GRC automation, and what genuinely changes when agentic AI takes on evidence review, vendor risk, policy drafting, and customer trust workflows end-to-end.

Richa shared Complyance’s perspective on building agentic AI for the most sensitive data an organization holds, why explainability and isolation matter more in GRC than almost anywhere else, and how customers like Dropbox, CVS Health, and Major League Soccer are using AI agents to cut manual GRC work by 70% without lowering the assurance bar.

We closed on what the next five years look like for the GRC workforce and whether the field can finally restore credibility to the phrase “compliance equals security.”

In this episode of Resilient Cyber, I sat down with Karl McGuinness — author of Control Plane and one of the sharpest voices working on identity in the agentic era — to unpack what most of the industry is still getting wrong about IAM for AI agents.

Karl's thesis is a provocation: we spent two decades optimizing authentication and authorization, and we built that stack for human-paced execution. Agents remove the presence, pacing, and natural scope-limiting that made those controls work — and no amount of stronger credentials, tighter scopes, or faster JIT provisioning closes the structural gap. The real frontier isn't AuthN or AuthZ. It's delegation: how approved intent becomes bounded authority that stays governed across delegation chains, unfamiliar tools, consent expansion, revocation, and task termination.

Chris and Karl dig into:

↳ Why the industry optimized for the wrong question, and what changes when agents enter the loop

↳ The Execution Mandate — agents don't need your passport, they need your authority

↳ Why governing the stay matters more than governing the entry, and what continuous evaluation of authority looks like in practice

↳ Mission-Bound OAuth, including Karl's own pessimistic case against it

↳ AAuth vs. OAuth as the substrate for agentic identity, and what signal will tell us which one wins

↳ Why Mission Shaping is necessary but not sufficient when quiet expansion, headless execution, and stale state are in play

↳ Open-world OAuth, MCP, and first-contact trust — what the newer standards solve and the substrate gaps no draft is closing

↳ ID-JAG and Cross-App Access (XAA): why enterprise SaaS needs to abandon app-by-app OAuth islands

↳ The widening gap between IETF drafts and the "agentic IAM" being sold at RSA, and the minimum viable posture for teams running agents in production today

Whether you're a CISO, an identity architect, or a security leader trying to separate vendor narrative from substrate reality, this is a clear-eyed map of where agentic IAM actually is and where it has to go.

🔗 Karl's writing: https://notes.karlmcguinness.com/

🔗 Subscribe to Resilient Cyber on Substack: https://www.resilientcyber.io/

🔗 Follow Chris on LinkedIn: https://www.linkedin.com/in/resilientcyber/

AI security feels fragile right now — and in this episode, Ron Bennatan, VP of Strategy, AI and Database Security at Varonis and founder of Guardium, JSonar, and AllTrue.ai, explains exactly why.

Ron unpacks what "fragile" actually means in the context of AI: it's a black box that requires careful handling, is sensitive to pressure, and is being outpaced by change that isn't linear or polynomial — it's exponential. What took 30 years of AI development previously has been eclipsed by the last three months alone.

Drawing on 30 years in data security, Ron walks through how his journey from Guardium (structured data) to Varonis (historically unstructured data) represents a reunion that was always inevitable — because the policies and security motions were always the same, even when the industry split the two apart. Now, with AI agents becoming the dominant access pattern in the enterprise — potentially replacing 99% of traditional human-driven data access — the data layer is emerging as the most durable signal in AI security.

The conversation covers why the AllTrue.ai thesis — that consumability and bridging the governance/security divide are more important than the tools themselves — translated naturally into the Varonis platform. Ron also breaks down why least privilege is fundamentally harder with agents (the permissioning model can't be deterministic when the decision-making isn't), why agents being unaccountable — no salary, no fear of being fired — makes detective controls less effective, and why the industry must accelerate toward preventive controls and intent analysis operating at machine speed.

Key topics covered:

• Why AI security is fragile: the black box problem and exponential rate of change
• How Varonis unifies structured and unstructured data security for the agentic era
• Lessons from AllTrue.ai on consumability, and collapsing AI governance and security
• Why 99% of enterprise data access will soon flow through AI agents
• Intent analysis and chain-of-thought as the next frontier of data security
• Least privilege vs. least autonomy — and why the permissioning model must evolve
• Why agents' lack of accountability breaks the detect-and-alert model
• The shift from monitoring to prevention and assurance at the data layer

Most organizations deploying AI today cannot answer a deceptively simple question. Which model is actually running in their environment?

It is not a hypothetical concern. Model substitution, supply chain compromise, adversarial fine-tuning, and jurisdictional compliance gaps are all live risk vectors — and the industry has largely been relying on contractual guarantees from AI vendors rather than technical controls to address them.

That gap is exactly what Project VAIL was built to close.

In this episode I sat down with Manish Shah, Co-founder and CEO of Project VAIL (Verifiable Artificial Intelligence Layer). Manish is a repeat founder with 20+ years of company building experience, including as co-founder of LiveRamp, and he is now bringing that background to one of the most consequential unsolved problems in AI security, provably knowing and verifying which model is executing in your environment at runtime.

VAIL’s approach combines two core technologies. Behavioral fingerprinting creates a unique, verifiable identity for AI models based on how they actually behave during inference, without relying on access to model weights or architecture. ZkTorch, developed in collaboration with researchers at UIUC, brings zero-knowledge proofs to large generative AI models for the first time at practical scale, enabling cryptographic verification of model computations without exposing sensitive model internals.

We covered a lot of ground in this conversation, including:

• Why behavioral fingerprinting is a fundamentally different and more resilient approach to model identification
• How model identity becomes a critical security primitive as agentic AI deployments expand
• Detecting prohibited and derivative models, including open-source models derived from Chinese-origin foundations like DeepSeek and Qwen
• Where frameworks like NIST AI RMF and the EU AI Act fall short on model verification requirements
• How verified model fingerprints fit into zero-trust architectures for AI systems and agentic workflows
• What standardization for verifiable AI needs to look like and which bodies should be driving it

Model verification is not a niche research problem. It is becoming a foundational requirement for AI governance, compliance, and security in regulated industries and high-stakes deployments alike.

This episode gives you both the technical grounding and the strategic context to understand why.

A new episode of the Resilient Cyber Show just dropped, and this one is a conversation I’ve been looking forward to for a long time.

I sat down with Tanya Janca, better known to most of the AppSec world as SheHacksPurple. Tanya is the best-selling author of Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding, an OWASP Lifetime Distinguished Member, CEO of She Hacks Purple Consulting, and one of the most recognized voices in application security and developer education on the planet.

The timing of this conversation is hard to overstate. The OWASP Top 10 2025 was announced at the Global AppSec Conference last year, with two new categories, Software Supply Chain Failures and Mishandling of Exceptional Conditions, and SSRF folded into Broken Access Control. Recently, Anthropic released the Claude Mythos Preview system card, documenting a model that has already found thousands of high-severity zero-day vulnerabilities autonomously, including bugs in every major operating system and web browser, and a 27-year-old vulnerability in OpenBSD.

In other words, AppSec is at a hinge moment, and Tanya is exactly the right person to think out loud with about it.

Here’s what we get into:

• What the OWASP Top 10 2025 got right, what it missed, and how teams should actually use it
• AI-generated code, “vibe coding,” and Tanya’s brand-new free prompt library for secure coding with AI assistants, SecureMyVibe.ca
• What Mythos-class capabilities mean for the offense/defense asymmetry AppSec has always lived with
• How AI is genuinely changing the SDLC, where it creates lift, where it creates noise, and where it creates entirely new attack surface
• Architecting real defenses at the prompt layer, across MCP servers, and inside RAG pipelines, not just bolting content filters onto the front door
• Why developers are the new attack surface, and why a lot of what gets labeled as “supply chain attacks” lately is really a developer compromise that cascaded into the supply chain
• Tanya’s threat model, defense framework, and maturity model for protecting developers themselves
• DevSec Station, Tanya’s new podcast delivering 5–10 minute secure coding lessons in a format built for how developers actually consume content
• What she’d change tomorrow about how AppSec programs are built and run if she could change just one thing

This is one of those conversations that ranges from the practical (what to do Monday morning) to the philosophical (what does it even mean to “secure software” when an AI can find more zero-days in a weekend than a Red Team finds in a year). Tanya brings the rare combination of deep technical chops, real teaching ability, and genuine warmth that makes a hard subject feel approachable.

If you lead an AppSec program, write code for a living, run a security team trying to keep up with AI-assisted development, or you’re just trying to figure out where this whole industry is heading, this is the episode for you.

Resources from the episode:

• SecureMyVibe
• DevSec Station Podcast (Tanya’s new show)
• She Hacks Purple Consulting
• Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding
• OWASP Top 10 2025 — https://owasp.org/Top10/2025/
• Claude Mythos Preview System Card — Anthropic

Thanks for being here. If this episode landed for you, the best thing you can do is share it with one person on your team who’d find it useful, that’s how this newsletter and show grow.

What happens to application security when AI agents start writing most of the code?

Jack Cable knows both sides of this problem better than almost anyone. As a Senior Technical Advisor at CISA, he helped architect the Secure by Design initiative that challenged the entire software industry to stop shipping insecure products and expecting customers to clean up the mess. Now, as the founder of Corridor, he's building at the center of a question that didn't exist two years ago: how do you govern, secure, and trust code that no human wrote?

In this episode, Jack walks us through the journey from federal cybersecurity policy to startup founder, and why he believes we're at an inflection point that makes everything before it look manageable. We talk about why a decade of shift-left never actually fixed the vulnerability backlog, and why the rise of coding agents, Cursor, Claude Code, Codex, and the internal tools enterprises are quietly building, is about to make that backlog look quaint.

Jack makes the case for a new category he's helping define called Agentic Security Coding Management, and explains what separates it from the SAST tools and ASPM platforms security teams already have. We get into the uncomfortable duality of AI as both the source of the problem and the proposed solution, the frontier labs showing up in AppSec with unclear intentions, and the market confusion that's leaving CISOs struggling to tell real governance from repackaged scanning.

We spend the back half of the conversation on the hard questions. What does real governance of AI-generated code actually look like when thousands of developers are running agents in parallel? Is it policy enforcement at the agent level, provenance tracking, runtime attestation, or something nobody has built yet? And drawing on his time at CISA, Jack shares where he sees regulation heading: liability frameworks, mandatory disclosure, and what happens if we get the policy either too heavy or too absent at the exact wrong moment.

Whether you're a CISO trying to get ahead of this, a founder building in the space, or a developer watching your workflow transform in real time, this is the conversation that frames where AppSec goes from here.