Ilya Kabanov: "It's Not a Bug, It's a Feature"—Rogue AI Exposed

Ilya Kabanov: "It's Not a Bug, It's a Feature"—Rogue AI Exposed

Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Ilya Kabanov, the creator of "The Weather Report: Independent Dispatches on AI, Security, and Safety," which serves as a vital piece of public infrastructure read by CISOs, CEOs, and startup investors who want to stay grounded on what is actually going on in a market that sells noise. Ilya draws from his deep technical background running security engineering for Schneider Electric and leading AI protections at Google Cloud to give an honest, unvarnished look at the realities of modern enterprise defense. In this conversation, Ilya breaks down the stark reality of modern vulnerability management, where frontier models excel at discovering critical vulnerabilities but corporations are only successfully patching 14% of them. He unpacks how the changing economics of cybercrime—driven by cheap AI token customization—has completely compressed threat actor ROI, democratizing sophisticated cyber attacks and turning every organization into a financially viable target. Conor, Stu, and Ilya also explore why traditional AppSec isn't dying but rather facing massive coordination headwinds inside non-tech companies buried under legacy code and multi-vendor dependencies. The group dives into the dangerous illusion of prompt-level guardrails, the emergence of a cloud-style "shared responsibility model" forced by frontier labs, and why rogue agent behaviors like instrumental convergence are actually built-in features of advanced AI systems that security teams must learn to systematically design around. * The Weather Report Project Page: https://theweatherreport.ai [https://theweatherreport.ai] * Ilya's LinkedIn Independent Briefings: https://linkedin.com/in/ilya-kabanov-ai-security [https://www.google.com/search?q=https://linkedin.com/in/ilya-kabanov-ai-security] * Anthropic Aries Framework & Threat Report: https://anthropic.com/research/aries-defense-evasion-malware-analysis [https://www.google.com/search?q=https://anthropic.com/research/aries-defense-evasion-malware-analysis] * Verizon Data Breach Investigations Report: https://verizon.com/business/resources/reports/dbir-vulnerability-exploitation [https://www.google.com/search?q=https://verizon.com/business/resources/reports/dbir-vulnerability-exploitation] * HackerOne Resolution Metrics & Bug Bounty Data: https://hackerone.com/resources/reporting/vulnerability-resolution-rates [https://www.google.com/search?q=https://hackerone.com/resources/reporting/vulnerability-resolution-rates] * Mozilla AppSec Browser Remediation Studies: https://mozilla.org/security/blog/ai-mythos-patching-velocity [https://www.google.com/search?q=https://mozilla.org/security/blog/ai-mythos-patching-velocity] Ilya Kabanov is the creator and principal architect of "The Weather Report," a weekly personalized briefing that filters noise to provide actionable data for C-suite executives and cloud architects. Before launching this independent nonprofit public infrastructure, Ilya accumulated extensive corporate leadership experience directing core security engineering operations at Schneider Electric and pioneering specialized enterprise AI protection frameworks for Google Cloud. * 01:08 Filtering Market Noise to Provide Public Infrastructure for Decision Makers * 06:00 The 14% Paradox: Finding Critical Vulnerabilities vs. Actual Corporate Patching Rates * 07:22 The Economics of Cybercrime: How AI Compressed Threat Actor ROI Thresholds * 11:11 Anthropic Metrics: Exposing the Strategic Use of AI for Defense Evasion and Malware * 14:52 The Failure of Resolution Metrics: Why Corporations Can Only Patch 30% of Key Exploits * 18:50 Coordination Headwinds: Why Non-Tech Organizations Stash Patches for Months * 22:00 Designing Around Human Bottlenecks: Transitioning Toward Closed-Loop Remediation Stacks * 27:12 The Kodak Trap: Why Legacy Defense Vendors Struggle to Overcome Core Cultures * 44:24 Rogue Agents: Why Gemini 3 Pro Root Escalation is a Feature Not a Bug * 48:40 The Cloud Deja Vu: Shifting to a Shared Responsibility Model for Frontier Models Hampton North is the premier US based cybersecurity search firm: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.google.com/search?q=https://hamptonnorth.com/%3Futm_source%3Dwebsite%26utm_medium%3Dpodcast%26utm_campaign%3Daware_global_swsd_all%26utm_content%3Dzero-signal] Sysdig is the leader in AI-powered real-time cloud defense: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.google.com/search?q=https%3A%2F%2Fwww.sysdig.com%2F%3Futm_source%3Dwebsite%26utm_medium%3Dpodcast%26utm_campaign%3Daware_global_swsd_all%26utm_content%3Dzero-signal]

Cheryl Martin: The CISO Who Says No Is "Toast"

Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Cheryl Martin, cybersecurity executive at C86 and former Vice President and Head of Cybersecurity at Capgemini in the UK, where she led over 350 cyber specialists across regulated sectors. Cheryl is a recognized voice on cyber leadership and was named in the 2026 most inspiring women in cyber awards. In this deep dive into modern risk operating models, Cheryl reveals how security leaders can safely navigate massive technological transformation without becoming the corporate bottleneck. Drawing from her extensive background—including her time as the global head of IT risk at HSBC managing 45 distinct global business lines—she unpacks her famous "yellow duck" analogy for scaling risk management, breaking down how to build an approval framework that turns shadow adoption into governed enablement. Conor, Stu, and Cheryl also challenge the outdated stereotype of the CISO who simply says no, tracing the critical shift toward becoming a business evangelist who establishes proactive guardrails. The conversation covers the rise of unstructured "cottage industries" of shadow AI among employees, the threat landscape shifts bringing exploitation windows down to mere seconds, and why executive humility—including the power of black box thinking and reverse mentoring from younger engineers—is a CISO's ultimate weapon for surviving the ongoing AI revolution. * C86 Cybersecurity Executive Insights: https://c86.com/cyber-executive-intelligence [https://www.google.com/search?q=https://c86.com/cyber-executive-intelligence] * International Cyber Expo Leadership Panel: https://www.internationalcyberexpo.com/cyber-leadership-technical-environments [https://www.google.com/search?q=https://www.internationalcyberexpo.com/cyber-leadership-technical-environments] * NIST Artificial Intelligence Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework [https://www.nist.gov/itl/ai-risk-management-framework] * UK Cyber Resiliency Bill Overview: https://www.gov.uk/government/collections/cyber-resiliency-digital-working-legislation [https://www.google.com/search?q=https://www.gov.uk/government/collections/cyber-resiliency-digital-working-legislation] * Cloud Security Alliance Open-Source Playbooks: https://cloudsecurityalliance.org/research/artifacts/open-source-frameworks-mythos-response [https://www.google.com/search?q=https://cloudsecurityalliance.org/research/artifacts/open-source-frameworks-mythos-response] Cheryl Martin is a cybersecurity executive at C86 and a highly accomplished cyber transformation leader. She previously served as the Vice President and Head of Cybersecurity at Capgemini in the UK, managing a team of over 350 cyber specialists across heavily regulated sectors. Prior to that, Cheryl was the global head of IT risk at HSBC, directing risk postures across 45 global business entities. She is a recurring speaker at the International Cyber Expo and a recipient of the 2026 Most Inspiring Women in Cyber Award. * 01:11 Navigating AI Transformation Without Becoming the Bottleneck * 02:48 The Yellow Duck Analogy: Scaling Risk Postures Across 45 Global Businesses * 05:47 The Threat of Shadow AI and Employee "Cottage Industries" * 09:53 Flipping the Model: From "CISO Says No" to Governed Guardrails * 11:11 The Sysdig Vibe Coding Stat: Why You Can't Put Brakes on Devs * 17:39 The 5 Major AI Risk Vectors: Data, Models, Security, Supply Chain, and Regulation * 21:48 Exploits in 27 Seconds: Tracking Mean Time to Adapt Over Mean Time to Detect * 23:15 The Chameleon CISO: Shifting From Infrastructure Defense to Thought Leadership * 26:43 Black Box Thinking: Adopting Aviation Industry Models for Cybersecurity Near Misses * 28:31 Rising Personal Liability Under NIST2, DORA, and the SEC * 31:43 Balancing Soft Skills and Team Burnout Against Complex AI Trajectories * 42:41 The Power of Reverse Mentoring: Learning AI Red Teaming From Your Own Engineers Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.google.com/search?q=https://www.sysdig.com/%3Futm_source%3Dwebsite%26utm_medium%3Dpodcast%26utm_campaign%3Daware_global_swsd_all%26utm_content%3Dzero-signalhttps://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]

Ayoub Fandi: Why Your Audit Program is Lying to You

Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Ayoub Fandi, the creator of the GRC Engineering Movement and author of the GRC Engineering Newsletter, read by thousands of security and compliance practitioners. Ayoub drops a truth bomb on the industry, exposing how typical SOC 2 audits rely on antiquated methodologies that sample a measly 25 pull requests out of thousands, slapping a 100% coverage certification on what amounts to 0.07% of actual infrastructure. He breaks down how this "abusal of trust signals" leaves organizations blind to systemic risk at a time when automated threat actors are moving faster than ever. The conversation dives deep into why 86% of GRC teams are still stuck relying on spreadsheets, how to weaponize compliance rules to win security infrastructure battles against development teams, and why the next generation of GRC platforms won't be SaaS tools but foundational AI models with real-time data wrappers. Finally, Ayoub outlines the future of Third-Party Risk Management (TPRM) through his open-source project, Corsair, moving the industry away from static PDFs and toward cryptographic, automated continuous assurance. * The GRC Engineering Newsletter: https://grcengineering.com/newsletter [https://www.google.com/search?q=https://grcengineering.com/newsletter] * Corsair Open-Source Trust Infrastructure: https://github.com/grcengineering/corsair [https://www.google.com/search?q=https://github.com/grcengineering/corsair] * Ayoub's State of the GRC 2026 Report: https://grcengineering.com/state-of-grc-2026/ [https://www.google.com/search?q=https://grcengineering.com/state-of-grc-2026/] * Death By Claude Tracker: https://deathbyclaude.com/ [https://www.google.com/search?q=https://deathbyclaude.com/] Ayoub Fandi is the founder and principal pioneer of the GRC Engineering Movement. A former leading GRC engineer at GitLab, where he built custom cloud compliance infrastructure from scratch, Ayoub specializes in treating compliance and risk modeling as data engineering problems. He is an international speaker who recently presented his findings at RSA Conference 2026. * 01:08 Transforming GRC from an Audit Prep Machine into an Engineering Program * 01:54 The 25 PR Fallacy: Why Your SOC 2 Audit is Lying to You * 02:23 Financial Auditing Legacies: Copy-Pasting Methods from the Enron Era * 04:14 The Abuse of Trust Signals in Third-Party Risk Management * 06:33 CISOs as Cynics: GRC Relegated to a Sales Enablement Tool * 08:32 Compliance is Latin for Cash: Procurement vs. Real Security * 09:16 CYA Mode: Why Standard Questionnaires Provide Zero Vendor Assurance * 11:00 Building Corsair: Leveraging Open Protocols for Continuous Assurance Data * 13:40 The Critical Sweet Spot: Auditing High-Risk, Low-Headcount AI Vendors * 16:13 Replacing the GRC Acronym with a Trust and Assurance Framework * 20:05 Deterministic Checkboxes vs. Probabilistic Risk Postures * 21:08 Turning Compliance into Real-Time Observability Engine Metrics * 22:56 The 2026 Survey: Why 86% of Security Programs Are Trapped in Excel * 24:32 Relational Spreadsheets vs. Unified Graph Data Models * 27:51 Excel Pivot Tables vs. Modern Prompt Engineering Roles * 31:00 Node Hallucinations: What Happens When AI Drafts and Reviews Audit PDFs * 35:28 The Notion and Cloudcore Shift: The Next GRC Platform is a Foundation Model * 37:10 Leveraging Model Context Protocol (MCP) to Connect Direct Sources of Truth * 41:42 The Lagging Indicator: Why Fortune 500s are Hiring Technical GRC Engineers * 45:44 Parkinson’s Law: How Audit Calendars Expand to Destroy Security Innovation * 47:34 Weaponizing Standards: Using Compliance to Win Hardening Battles with Devs * 49:15 Control Planes and Telemetry: Who Will Own Future Assurance Programs? Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.google.com/search?q=https://www.sysdig.com/%3Futm_source%3Dwebsite%26utm_medium%3Dpodcast%26utm_campaign%3Daware_global_swsd_all%26utm_content%3Dzero-signalhttps://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Continued Reading & Resources:About the Guest:Key Topics:Meet our Sponsors:

Loris Degioanni: Headless Security and the Coding CISO

Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell are joined by cybersecurity royalty: Loris Degioanni, the co-founder of Wireshark, founder and CTO of Sysdig, and the creator of Falco, the open-source standard for cloud-native runtime threat detection. Loris steps up to break down a revolutionary new architectural paradigm: Headless Cloud Security. Following the release of Sysdig's brand new model for agentic defense, Loris explains why the era of security teams staring at dashboards and clicking through complex UIs is dead. With exploit windows rapidly collapsing down to mere minutes, the interface must entirely disappear into the environment where coding agents live. In this conversation, Conor, Stu, and Loris discuss the shift toward flattening security organizations and the rise of the "Coding CISO". They challenge the failing legacy strategy of baking checklists into standalone agents, arguing instead for injecting security and hard-coded expertise directly into the substrate of development tools via open-source communities, MCPs, and plugins. * Sysdig Cloud Native Security and Usage Report (2026): https://sysdig.com/resources/papers/2026-cloud-native-security-and-usage-report/ [https://www.google.com/search?q=https://sysdig.com/resources/papers/2026-cloud-native-security-and-usage-report/] * Falco Open Source Project: https://falco.org/ [https://falco.org/] * Wireshark Foundation: https://www.wireshark.org/ [https://www.wireshark.org/] * Loris Degioanni’s Headless Security Founder's Letter: https://sysdig.com/blog/headless-security/ [https://www.google.com/search?q=https://sysdig.com/blog/headless-security/] Loris Degioanni is a foundational pillar of modern computer networking and cloud security. He is the co-founder of Wireshark, the world's most widely used network protocol analyzer, and the founder and CTO of Sysdig. An open-source pioneer, Loris also created Falco, the CNCF graduated standard for cloud-native runtime threat detection. He holds a PhD in Computer Engineering from Politecnico di Torino and actively contributes to re-architecting cybersecurity for the agentic era. * 01:17 Rebuilding the Operating Model Around Coding Agents * 01:54 Defining Headless Security: Moving Beyond Dashboards * 03:34 The Disappearing UI: Consuming Software Inside the Agent * 06:53 Prioritizing Outcomes Over Problems: The Death of Point-and-Click * 08:18 Shifting Beyond Traditional Vulnerability Prioritization * 09:55 Tech Layoffs and Flattening Organizations: Everyone Becomes a Contributor * 11:31 Rise of the "Coding CISO": Why Executives Must Get Hands-On * 12:38 Building GRC and Security Tooling in Hours with Claude Code * 13:46 Blending Architectural Vision with Agent Management Skills * 15:21 The Defensive Paradox: Why AI Will Increase Cyber Headcount * 18:04 The Three Technical Pillars of 2026 Tech Stacks * 20:32 Rediscovering the "Love of the Game" Through Prompt-Driven Creativity * 24:12 The Timeline of Failing Strategies: Trying to Bake Security Into the Agent * 25:34 The Evolution of Substrate Security: From AutoGPT to 4.6 Models * 28:44 The Friction of Tool Fragmentation vs. Centralized Ecosystems * 31:37 Private Enterprise LLMs: The Safe Way to Handle Token Costs * 34:11 Democratizing Software Development: The Marginal Cost of Code Hits Zero * 37:40 Overcoming the Enterprise Fear of Open-Source Foundation Integration * 40:20 Defining "Skills" in the Headless Architecture (Integrations, Skills, Facilitation) * 41:38 Encoding True Engineering Expertise into AI Plugins Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Continued Reading & Resources:About the Guest:Key Topics:Meet our Sponsors:

Sounil Yu: How to Solve Problems & Manage Predicaments

Welcome back to Zero Signal! In this solo episode, Conor Sherman sits down with Sounil Yu—Cybersecurity Hall of Fame inductee, SANS Lifetime Achievement Award recipient, and Chief AI Safety Officer at Knostic. Sounil delivers a masterclass on navigating shifting security landscapes. He breaks down the difference between a "problem" (technologically fixable) and a "predicament" (a systemic risk to manage), such as collapsing exploitation timeframes following the release of "Mythos". Conor and Sounil also unpack why traditional TPRM questionnaires fail, how AI coding agents help teams replace "sick legacy pets" with "cattle" architectures, the Zero Trust renaissance, and why 10x-ing individual cognition will trigger organizational chaos without proper structural reorgs. Continued Reading & Resources: * Knostic AI Infrastructure Security: https://knostic.ai [https://knostic.ai] * The Cyber Defense Matrix Hub: https://cyberdefensematrix.com/ [https://cyberdefensematrix.com/] * Cyber Defense Matrix Book Guide: https://cyberdefensematrix.com/book/ [https://cyberdefensematrix.com/book/] * Thinking, Fast and Slow by Daniel Kahneman: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 [https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555] * The Cynefin Framework overview via Dave Snowden: https://thecynefin.co/about-us/about-cynefin-framework/ [https://thecynefin.co/about-us/about-cynefin-framework/] * Sounil’s Piece on Predicaments (2022): https://threatpost.com/security-problems-vs-predicaments/179267/ [https://threatpost.com/security-problems-vs-predicaments/179267/] * The AI Vulnerability Storm Whitepaper: https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/ [https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/] * Unprompted and Seasides Conferences: https://unprompted.co/ [https://unprompted.co/] and https://seasides.io/ [https://seasides.io/] * Crab Trap Open-Source Project by Brex: https://github.com/brex/crabtrap [https://github.com/brex/crabtrap] Key Topics: * 01:13 Meet Sounil Yu: Hall of Fame Thinker & Chief AI Safety Officer * 03:54 Breaking Down the Cyber Defense Matrix: A 10-Year Retrospective * 04:32 Applying the Cynefin Model: Chaotic, Complex, Complicated, Clear * 05:50 The Ultimate Advice for Chaos: Don't Stand Still, Move * 08:15 Problems vs. Predicaments: The Crucial Boardroom Distinction * 09:21 Why Third-Party Risk Management (TPRM) Questionnaires Solve Nothing * 12:54 Playing Bingo vs. Playing Blackout: Managing Cost Calculus * 14:23 Facing the AI Vulnerability Tsunami: When Patches Fail * 16:17 Legacy Systems as Sick Pets: The Case for Code Refactoring Agents * 17:58 Moving from CIA to DIE: Distributed, Immutable, and Ephemeral * 20:38 The Zero Trust Renaissance: Assembling the Bricks You Already Bought * 23:08 The Three Little Pigs of AI Architecture: Building a Resilient Straw House * 25:00 Mythos vs. Scaffolding: Exponential Trajectory in Vulnerability Disclosures * 30:41 Inbound vs. Outbound Controls: The Criticality of Egress Filtering * 33:24 Open Source Egress: Leveraging Tools Like Crab Trap * 35:07 The Strategy of Allergic Reactions: Calibrating for Fast Environments * 39:45 AI Convergence: What Happens When Everyone Becomes a Developer? * 41:40 Individual Contributors as Task Masters: Assigning Agentic Workloads * 42:52 System 1 vs. System 2 Thinking in Cybersecurity Risk * 44:11 The Organizational Efficiency Mirage: Why You Haven't Seen the AI Payoff * 46:12 Reorg Patterns: Borrowing Scaled Leadership Architecture from the Military Meet our Sponsors: * Hampton North: Premier US-based cybersecurity search firm. Build your security team: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] * Sysdig: The leader in AI-powered real-time cloud defense. Stop watching, start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]