
In this episode, we break down a major Cloudflare outage, explore how a nation-state used AI agents to automate a cyberattack, and discuss the growing risks around MCP integrations. We also highlight why GRC Engineering is becoming essential to modern security programs and wrap up with key regulatory updates, including CMMC changes affecting thousands of contractors.

Topics covered:
• Cloudflare outage impact and root cause
• Nation-state attack using AI agents to automate intrusion steps
• MCP (Model Context Protocol): power, risks, and examples
• Why GRC Engineering is the future of compliance and automation
• Updates on GDPR, ISO 27701, California AB 5866, and SEC rules
• CMMC assessor shortages and what organizations must prepare for

Spirit of the Episode
• Knob Creek 21-Year Limited Release, rich caramel notes, heavy char, smooth for 100 proof

Timestamps
0:02 - Cloudflare Outage Stories & Global Impact
3:07 - Root Cause, Not a Cyberattack & Third-Party Risk Reality
10:38 - China Uses Anthropic’s Claude + MCP for Automated Cyberattacks
14:17 - Full AI Attack Lifecycle Explained
27:18 - MCP: The API for AI & Its Security Risks
44:05 - Bourbon Break: Knob Creek 21-Year Review
50:02 - GRC Engineering Deep Dive: Automation & Controls-as-Code
1:24:13 - Regulatory Roundup: GDPR, ISO 27701, California AB 566, SEC SP
1:44:27 - CMMC 2.0 Crisis: Auditor Shortages & DoD Contract Impact
2:11:20 - Closing Thoughts & Episode Wrap-Up

Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

Guest
Matthew J. Schiavone - @Sikitch

Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

Episode 23: Nobody read the report

Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About

Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything

Episode 20: 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds