The Cyber Mettle Podcast with Alyson & Omar
Can AI actually improve penetration testing, or does it create an entirely new attack surface? In this episode of The Cyber Mettle Podcast [http://youtube.com/@thecybermettlepodcast], Omar Sangurima and Alyson Laderman sit down with cybersecurity researcher and executive Dan Shallom to explore how agentic AI is reshaping offensive security, vulnerability discovery, and security assessments. Dan explains why today's AI isn't simply making penetration testing faster—it's changing how security teams think about attack surfaces, business risk, and human expertise.

Topics include:
• Traditional penetration testing vs. AI-assisted assessments
• Why consistency and coverage remain major security challenges
• Building AI agents that understand application workflows—not just vulnerabilities
• OWASP Top 10 for LLMs and the new risks AI introduces
• Why AI needs layered security, guardrails, and governance
• Business-contextualized vulnerability prioritization
• Human judgment vs. AI reasoning in cybersecurity
• Why AI should augment—not replace—security professionals

Whether you're a CISO, security leader, penetration tester, application security engineer, or simply trying to understand where AI fits into cybersecurity, this conversation offers practical insights grounded in real-world experience. If you enjoy conversations about cybersecurity, resilience, leadership, governance, and emerging technology, subscribe to The Cyber Mettle Podcast for future episodes.

Chapters
00:00 Opening and Inspector Gadget nostalgia
01:22 Meet Dan Shallom
02:34 Traditional Pen Testing vs Agentic AI
05:42 Why Coverage and Consistency Matter
07:35 Hidden Attack Surfaces Inside Modern Applications
08:47 AI Guardrails and Secure Implementation
10:14 Can AI Discover Novel Attacks?
15:18 Why Access Control Remains a Major Challenge
17:45 Business Context Beats Raw CVSS Scores
23:08 Moving Beyond Traditional Vulnerability Scanners
25:20 Human Judgment Still Matters
29:21 OWASP for LLMs and AI Attack Surfaces
33:16 Security by Design
36:16 Can Legacy Organizations Adopt AI?
40:14 Infrastructure, LLMs and Modern Risk
43:14 Final Advice for Organizations Using AI
44:49 Closing Thoughts

#CyberSecurity #ArtificialIntelligence #ApplicationSecurity #PenTesting #AgenticAI #CISO #CyberMettlePodcast
31 episodes