Along The Edge e3: Breaking AI Agents: From Jailbreaks to MCP Exploits with Javi Rivera

Along The Edge e6: The 90% problem in AI security with Yair Finzi from Kanopy Security

90% of your AI security problem isn't the AI. Yair Finzi, CEO of Kanopy Security, joins Along The Edge to expose the attack surface no one's naming: thousands of agents and apps your business users are quietly shipping every week. HR portals leaking salaries. Unscoped connectors in production. 130,000 resources at a single customer. Then the contrarian close: why better AI code makes the security problem worse, not better. Shadow engineering is already running inside your enterprise. You just haven't looked for it yet.

Along The Edge e5 - Vibe Coding Is Replacing Your Favorite SaaS

What happens when a developer can rebuild your $500/month software in a day? In this episode, Andrius breaks down the growing threat vibe coding poses to the SaaS industry — and why some software is more vulnerable than you think. He's joined by ZioSec front-end developer Nolan Braman, who did exactly that — ripping out a knowledge base platform charging $500/month and replacing it with a vibe coded solution in about a day. But not all SaaS is equally at risk. Andrius and Nolan dig into what gives certain platforms a deeper moat — things like heavy infrastructure, complex integrations, and operational overhead that make them far harder to replicate with a weekend project. Think Intercom vs. a simple dashboard tool. One is a vibe coding target. The other? Not so much. If you're building SaaS, buying SaaS, or thinking about vibe coding your way out of a subscription — this one's for you.

Along The Edge e4: OpenClaw Enterprise Security, AI Robotics Vulnerabilities & The Prompt Injection Epidemic

In this episode, host Andrius Useckas is joined by Aaron Walls and Alex Gatz to break down the explosive growth of Open Claw in enterprise environments — and the security nightmares that come with it.  Plus, a special conversation with Isaac Qureshi, Co-Founder & CEO of Gatlin Robotics, on what happens when AI agents meet the physical world. Topics covered: 🔒 Enterprise Open Claw Adoption — With 22% of enterprises already running Open Claw (often without IT's knowledge) and 40,000+ exposed instances, the team digs into why banning it doesn't work and what CISOs should actually do about it. 🛡️ Iron Claw & Secure Alternatives — Aaron shares his hands-on experience with Iron Claw's web assembly sandboxing approach. The verdict? More secure by design, but so restrictive it loses what makes Open Claw useful in the first place. 💉 Prompt Injection Epidemic — HackerOne reports a 540% increase in prompt injection attacks in 2025, with only 26% getting mitigated. The group debates whether model providers even have incentive to fix this — and whether regulation will force their hand. ⚖️ Regulation vs. Innovation — From the EU AI Act to Colorado's failed legislation and NIST's open calls for comment, the team discusses why compliance frameworks (PCI, HIPAA) haven't caught up and whether early regulation kills innovation. 🤖 Robotics + AI Agents (feat. Isaac Qureshi) — Isaac walks through Gatlin Robotics' approach to building cleaning robots with human-in-the-loop AI, the real risks of prompt injection via physical inputs (like writing on a whiteboard), and why maintaining a "knowledge gap" between human and AI is critical. 🧑‍💻 AI Agents Hiring Humans — The dystopian-sounding but very real marketplace where Open Claw agents can task humans to complete physical-world actions. TaskRabbit, but your boss is an AI. 🔮 Where Robotics + Agents Are Headed — From Pico Claw on Raspberry Pi to humanoid fleet systems, the conversation closes on how fast this space is moving and why security can't afford to be an afterthought. 🎙️ Along The Edge — AI security topics that matter, from the people working on the front lines.

Along The Edge e3: Breaking AI Agents: From Jailbreaks to MCP Exploits with Javi Rivera

Along the Edge — Episode 3 How do you break an AI agent? Javi Rivera — AI security researcher at ZioSec with 8+ years of offensive security experience from MITRE to ThreatX — breaks down the real-world techniques attackers use against agentic AI systems. In this episode, we cover: • Jailbreaks vs. prompt injections — what's the actual difference and why it matters • Why classic attacks still work — SQL injection, command injection, and XSS through AI agents as a "middleman" • System prompt extraction — how attackers use leaked instructions to craft targeted exploits • MCP server security — why public MCP catalogs are the new supply chain risk and why there's no good solution yet • Validating real findings vs. hallucinations — the hardest problem in AI pentesting • Live demo — Gray Swan arena walkthrough showing indirect prompt injection in action • Defense strategies — least privilege, sandboxing, guardrails, and why defense in depth still applies • The coming threat — nation-state AI agents, automated offensive tooling, and why the next wave of attacks will be unprecedented Whether you're a red teamer, AI developer, or security leader deploying agentic AI — this is the technical deep dive you need. Resources mentioned: Gray Swan AI Arena, HackerPrompt, NVIDIA NeMo Guardrails, Docker MCP Hub

Along The Edge e2: OpenClaw Is Incredible... and Completely Unhinged

OpenClaw (formerly Clawdbot / Moltbot / whatever it’s called today) is the first agent that feels like “Siri, but real” — and it’s moving so fast it’s breaking everyone’s threat models in real time. In this episode of Along The Edge, we unpack why OpenClaw is blowing up, what it can do when you hook it into your email, calendar, code, and tools… and why the security tradeoff is brutal: the more capable it is, the more dangerous it becomes. We cover: * Why “credentials in cleartext” is just the beginning * How Discord / chat integrations can leak gateway + session details * Tool invocation endpoints and bypass paths * MCP prompt injection turning “normal workflow” into command execution * What attackers will fingerprint and scan for in the wild * What CISOs should do on day 1 * The big question: can defense keep up, or do we go “offense-driven defense”? Buckle up.