Free Daily Podcast Summary
Cloud Security Podcast: Daily Summaries Delivered
by TechRiot.io
Learn Cloud Security in Public Cloud and for AI systems, the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We are honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud. We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.We STREAM interviews on Cloud Security Topics every week on Linkedin, YouTube and Twitter with over 150K people tuning in.
Latest Episodes
The most recent episodes — sign up to get AI-powered summaries of each one.
- Today46 min
The 4 Pillars of AI SOC:From Threat Hunting to Vibe Hunting
Threat hunting has officially evolved into "vibe hunting". However, if your AI security tools lack the right semantic context, they might be doing more harm than good. In this episode, Ashish sits down with Aqsa Taylor, Chief Security Evangelist at Exaforce, to discuss the rapidly changing landscape of Security Operations Centers. Aqsa explains how her team coined the term "vibe hunting" after autonomously tracking IOCs and exposure windows during the nationwide attack. We also explore the limitations of upstream detections, highlighting complex threats like the HackerBot Claw pull-request manipulation, TeamPCP NPM supply chain attacks, and APTs posing as fake employees on Google Workspace. If you are navigating the noise of the 54+ new AI SOC startups, Aqsa breaks down the 4 Pillars of an AI SOC (Triage, Detection, Investigation, and Response) and speaks to "Build vs. Buy" debate regarding internal security tooling. Guest Socials - Aqsa's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction to AI SOC and Vibe Hunting Aqsa Taylor’s Background at Twistlock, SACR, and Exaforce The Origin of "Vibe Hunting" and the Iran Striker Attack Why AI Hurts Without Context: The HackerBot Claw Attack Hunting North Korean Fake Employees on Google Workspace SaaS Detections and the TeamPCP NPM Supply Chain Attack Navigating the Noise of 54+ AI SOC Startups The 4 Pillars of an AI SOC: Triage, Detection, Investigation, Response Automating Response: Containing Credential Stuffing Attacks The Build vs. Buy Debate for Internal AI SOC Tooling Building Confidence in AI with Semantic Knowledge Graphs Fun Questions: Content Creation, Family, and Korean BBQ Resources spoken about during the episode:The Force Multiplier - Exaforce SubstackIts SOC Easy! Podcast
- 5 days ago36 min
Native Cloud Firewalls Falling Short in a Multicloud World
As enterprises expand across multiple cloud environments, on-premise data centers, and dynamic AI workloads, traditional perimeter defenses and siloed cloud-native tools are no longer enough to secure the modern network. In this episode, Ashish sits down with Murali Rathinasamy, Senior Director of Product at Cisco, to break down the next evolution of network security: the Hybrid Mesh Firewall. Murali explains why relying solely on cloud-native firewalls can create visibility gaps, and how unified policy orchestration allows security teams to manage enforcement points seamlessly. He shares a real-world case study of how Multicloud Defense is used to eliminate manual route table configurations and achieve zero-downtime, blue-green upgrades. The conversation also tackles micro-segmentation. Murali breaks down why segmentation initiatives usually stall in "analysis paralysis" and provides a practical, agentless roadmap to reduce your attack surface "one bite at a time". Guest Socials - Murali's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions Introduction Murali Rathinasamy's Background and Role at Cisco What is a Hybrid Mesh Firewall? Bridging the Skills Gap: NetSec vs. CNAPP/CSPM Case Study: Royal College of Surgeons in Ireland (RCSI) The Limits of Cloud-Native Firewalls in a Multicloud World Securing AI Workloads and Managing the Agent Blast Radius Why You Need Unified Policy Orchestration Across Firewall Vendors Why Micro-segmentation Fails: Overcoming Analysis Paralysis How to Implement Micro-segmentation "One Bite at a Time" Detecting and Blocking Prompt Injections with Cisco AI Defense Where Does the Hybrid Mesh Firewall Fit in the Tech Stack?Resources spoken about during the interview:Cisco Hybrid Mesh Firewall YouTube series on Hybrid Mesh Firewall
- 2 weeks ago37 min
How AI Agents Will Negotiate Your Vendor Contracts
Third-Party Risk Management (TPRM) has historically been a tedious, 200-page paper exercise that felt like being catapulted back to 1979. But AI is changing that.In this episode, Ashish sits down with Igor Andriushchenko (CISO at Lovable) and Jasper Mills (CEO of Ethira) to discuss the collision of TPRM and AI.We dive into the hidden risks of Shadow AI, exploring the chaos that ensues when non-technical teams spin up unauthorized AI tools without security oversight. Jasper and Igor explain why the future of vendor risk involves treating AI agents like a contracted workforce, managing their lifecycles, and preparing for the 2027 era of "agent-to-agent" negotiations where humans are entirely removed from the loop.We also cover the impact of DORA (Digital Operational Resilience Act) regulations, the Build vs. Buy debate for AI security tooling, and how to use autonomous agents to finally automate tedious vendor questionnaires.Guest Socials - Igor's Linkedin + Jasper LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Jasper and Igor's Backgrounds (Athira and Lovable) Why Traditional Third-Party Risk Management is Abysmal DORA Regulations and the Collision of AI and Compliance Using AI to Automate Vendor Assessments and Questionnaires The Build vs. Buy Debate for AI TPRM Tools Shadow AI: "Giving a Kindergarten a Nuclear Bomb" Using AI Agents for Automated Vendor Discovery and Inventory 2027: The Future of Agent-to-Agent Negotiations Treating AI Agents Like a Contracted Workforce Enforcing Contractual Accountability through AI Guardrails
- May 5, 202644 min
How Claude Mythos Changes Vulnerability Management: From CVSS to Exploitability
Is your vulnerability management program ready for something like Claude Mythos? The old days of treating vulnerabilities as temporal events (like Heartbleed or Log4J) and patching them on a leisurely 30, 60, or 90-day cycle are officially over.In this episode, Ashish sits down with Brad Hibbert, COO and Chief Strategy Officer at Brinqa. Brad explains how the release of Anthropic's Claude Mythos, an AI model capable of discovering vulnerabilities at machine speed without human intervention has compressed the time-to-exploit from months down to mere seconds.We discuss why the traditional assumption that "sophisticated attacks require sophisticated attackers" is no longer relevant, and why leaning solely on CVSS scores will drown your remediation teams in noise. We speak about how defenders must pivot from generic patching to focusing on true exploitability within their specific environments. Learn how AI can chain multiple "low severity" vulnerabilities (which were previously ignored 90% of the time) to gain root access, and why siloed AI security tools will lead to an expensive and ineffective game of "Whac-A-Mole".Guest Socials - Brad's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Brad Hibbert's Background and Role at Brinqa Heartbleed vs. Claude Mythos: Temporal vs. Persistent Threats AI Weaponization: From Months to Seconds Elevating the Threat Model Beyond CVSS The Tsunami of Vulnerabilities and the Need for Exploitability Bridging the Blind Spots in Exposure Management Resolving Friction Between Security and Remediation Teams Automating Remediation Without Losing Oversight The Problem with Treating Every Vulnerability Individually Why We Ignored 90% of Low Severity Vulnerabilities Siloed AI and the Costly Game of "Whac-A-Mole" Defining "Reasonable Security" in the AI Era Quick Wins: Where to Start Uplifting Your ProgramResources spoken about during the episode:Mythos Changes the Offense.5 Things Every CISO Should Do Before the Next MythosThank you to Brinqa for sponsoring this episode
- Apr 29, 202654 min
AISPM Isn't Enough: How to Apply Zero Trust to AI Agents
We are officially entering the "Multi-AI Era." Much like the multi-cloud times, organizations are no longer just using a single AI tool like Microsoft Copilot, they are building custom, agentic workflows using diverse third-party models and MCP servers . In this episode, Ashish sits down with Shawn Hays from Varonis to discuss why the security market has over-pivoted on AISPM (AI Security Posture Management) . Shawn spoke about how having visibility and an inventory of your AI models is a great start, but it fails to secure the enterprise if you lack the guardrails to actually stop an agent from going off the rails and exfiltrating data . Shawn breaks down the components of a robust AI security platform (like Varonis Atlas) and explains why data security is inseparable from AI security. He spoke about why AI agents will blindly "read whatever is on the teleprompter," meaning your AI is only as secure as the data access and identity controls surrounding it . Tune in to learn how to apply Zero Trust across the entire AI chain from the prompter to the cloud infrastructure Guest Socials - Shawn's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Shawn's Background: Microsoft, CMMC, and Varonis The Biggest AI Security Challenges (Copilot to Agentic AI) Third-Party AI Risk (Jira and Salesforce Agents) The Connector Ecosystem Danger (Copilot + Salesforce) 8 Distinct Areas of an AI Security Platform (Varonis Atlas) Entering the "Multi-AI Era" (Analogies to Multi-Cloud) The AI Bill of Materials (Athena AI & Grammarly) Why Data Security and AI Security are Intertwined Applying Zero Trust to the Entire AI Chain The Role of Identity and ITDR in AI Systems HIPAA, OCR, and Regulating AI Data Access Creating a Governance Plan for Microsoft Copilot Securing Pro-Code AI Systems (AWS Bedrock & MCP Servers) Why the Security Market is Over-Pivoting on AISPM The "Ron Burgundy" Analogy for AI Agents Fun Questions: Crocodile & Caramel Tasting The Ed Sheeran & Yelawolf Mixtape Connection Hobbies & Pride: DJing Weddings and Playing Ice Hockey in Alabama Favorite Food: Alabama White Sauce BBQ & Milo's BurgersResources spoken about during the episode:Varonis Atlas
- Apr 21, 202626 min
The Rise of Agentic Cloud Security: Code-to-Cloud Shrinks to 3 Days
Is your cloud security strategy ready for the "messy middle" of AI adoption? With developers pushing code from inception to production in under three days using "vibe coding," and adversaries capable of exfiltrating data in just 25 minutes, human-led security is no longer fast enough .In this episode, Ashish sits down with Elad Koren from Palo Alto Networks (Cortex Cloud) to discuss the shift toward Agentic Cloud Security. Elad spoke to us about why bolting an AI chatbot onto legacy security tools doesn't work, and why you must run AI directly where your data lies . Elad shared a real-world case study: an organization that rapidly spun up an "internal" AI workload to test the market, only to have a red team discover it was exposed to the public internet with zero authentication .If you want to know how the role of cloud security practitioners will evolve from manual analysts to AI orchestrators within the next five years, listen to this episode.Guest Socials - Elad's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Who is Elad Koren? (Palo Alto Networks / RSA Security) The Explosion of "Vibe Coding" and AI Applications How CNAPP is Evolving from Posture to Active Protection The New Threat Model: 25-Minute Exfiltration Windows What is "Agentic Cloud Security"? (Fighting Machines with Machines) The "Messy Middle" and the Evolution of Security Practitioners Platformization: Why Security Can No Longer Survive in Silos Blurring the Lines Between Cloud and Enterprise Estates Case Study: An Unauthenticated "Internal" AI Workload Exposed How AI is Shrinking Code-to-Cloud Cycles to 3 Days The Coming Crisis: Security Token Budgets vs. Speed Fun Questions: Kangaroo Jerky Tasting Hobbies & Family: Cycling, Audiobooks, and Fatherhood Favorite Food: Thai Cuisine in the Bay Area Resources spoken about during the episode:- Cortex Cloud- Symphony 26 - The Agentic SOC Summit- Palo Alto Networks Linkedin Page- Elad's Linkedin
- Apr 14, 202631 min
Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling
Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era .Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees . Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider .We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp . If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpointGuest Socials - Brandon's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Who is Brandon Dixon? (RiskIQ, Microsoft Copilot, Ent AI) Redefining Insider Risk: Malice vs. Mistakes "Living Off the Land": Why Adversaries Use Legitimate Tools The Zoom Example: Why EDR is Blind to Remote Control Hacks The Failure of Security Training against "Click Fix" Attacks Case Study: A HIPAA Violation via Meta AI in WhatsApp Why Traditional DLP Fails at Semantic Context Local AI Usage: Why Workloads Are Returning to the Endpoint The Problem with UEBA: Putting Anomalies in Context Why You Can't Build This With a Data Lake Stopping the "Trophy SOC" and Dumb Alerts Fun Questions: Kangaroo Jerky Tasting Hobbies & Pride: Ultramarathons and Growing Up in Baltimore Favorite Cuisine: Burmese Food (Tea Leaf Salad)
- Apr 7, 202636 min
Solving Prompt Injection & Shadow AI for AI Malware
Are AI agents functioning like adversarial malware inside your network? In this episode of the Cloud Security Podcast, Ashish sits down with Jasson Casey, Co-founder and CEO of Beyond Identity, to speak about the security risks introduced by Shadow AI and code assistants .Jasson explains why an AI agent executing a tool is the perfect opportunity for prompt injection or proprietary data exfiltration comparing unchecked agents to Ron Burgundy reading whatever is on the teleprompter . We discuss the "barbell" reaction of CISOs (either blocking AI entirely or blindly accepting the risk) and why placing device-bound identity at the core of your security stack is the only way to safely enable AI speed .From an $80,000 stolen Anthropic key nightmare on Reddit to a red-team exercise that cloned voices using Hugging Face models in just four hours, this episode highlights the tangible threats and solutions of the AI era .Guest Socials - Jasson's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Security, you can check out our sister podcast - AI Security PodcastQuestions asked: Introduction Who is Jasson Casey? (CEO of Beyond Identity) The Reality of Shadow AI: Marketers & Devs Moving Fast Why AI Agents Execute Like Adversarial Malware Prompt Injection Over Time & Agent "Memory" as Persistence The CISO "Barbell": Blocking Everything vs. Accepting All Risk Applying the NIST Framework to AI Agents The Reddit Horror Story: An $80,000 Stolen Claude Key Why Device-Bound Identity is the Ultimate AI Control Plane The Death of SaaS IT Products (Replaced by Git + Claude Code) Fixing Prompt Injection & Exfil via Attributable Identity Moving from UI Dashboards to API Data + AI Skills Building "Agentic Playbooks" for Security Teams Red Teaming: Cloning Voices in 4 Hours via Hugging Face Fun Questions: Kangaroo vs. Crocodile Tasting Hobbies: Radar Projects & Northern Mexican Cuisine (Dark Mole) This episode was sponsored by Beyond Identity Resources spoken about during the episode: To get started with Ceros, the AI Trust Layer - Visit beyondidentity.ai
About Cloud Security Podcast
Learn Cloud Security in Public Cloud and for AI systems, the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We are honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud. We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.We STREAM interviews on Cloud Security Topics every week on Linkedin, YouTube and Twitter with over 150K people tuning in.
Customized Recaps
AI-powered recaps with compact key takeaways, quotes, and insights.
Straight to Your Inbox
Get key takeaways from Cloud Security Podcast in a 5-minute read.
Save Hours Every Week
Stay current on your favorite podcasts without falling behind.
Frequently Asked Questions
What is Podzilla's Cloud Security Podcast daily summary?
It's a free AI-powered email that summarizes new episodes of Cloud Security Podcast as soon as they're published. You get the key takeaways, notable quotes, and links & mentions — all in a quick read.
How does the Cloud Security Podcast podcast summary work?
When a new episode drops, our AI transcribes and analyzes it, then generates a personalized summary tailored to your interests and profession. It's delivered to your inbox every morning.
Is this an official Cloud Security Podcast product?
No. Podzilla is an independent service that summarizes publicly available podcast content. We're not affiliated with or endorsed by TechRiot.io.
Can I get summaries of other podcasts too?
Absolutely! The free plan covers up to 3 podcasts. Upgrade to Pro for 15, or Premium for 50. Browse our full catalog at /podcasts.
How often does Cloud Security Podcast release new episodes?
Cloud Security Podcast publishes weekly. Our AI generates a summary within hours of each new episode.
What topics does Cloud Security Podcast cover?
Cloud Security Podcast covers topics including Technology. Our AI identifies the specific themes in each episode and highlights what matters most to you.
Start getting Cloud Security Podcast summaries tomorrow morning.
Free forever for up to 3 podcasts. No credit card required.
Free forever for up to 3 podcasts. No credit card required.