Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI

In this episode, we celebrate our 2nd anniversary and Episode 24 of Distilled Security! We cover the Vercel breach, how a Roblox script led to compromised Google Workspace credentials via an unauthorized OAuth connection. Then we dive into HackerOne, pausing their own bug bounty program, overwhelmed by low-quality, AI-generated submissions. And we close out with the State of Vibe-Coded Security—4,783 AI-assisted apps scanned, 727 critical issues found, and the real question: are you vibe coding or vibe deploying? Plus, a quick look at Claude for Security dropping into public beta and what that means for the industry. All of that, and we crack open a Peerless Double Oak to toast two years of Distilled Security. 🥃⏱️ TIMESTAMPS:00:00 – Intro & 2-Year Anniversary 🎉01:26 – Behind the Scenes & Favorite Moments08:26 – Podcast Metrics & Global Reach24:20 – BSides Pittsburgh 2025 Update 🛡️34:31 – The Vercel Breach & OAuth Risk58:57 – HackerOne Pauses Bug Bounty1:16:05 – Spirit: Peerless Double Oak 🥃1:20:27 – Vibe Coding vs. Vibe Deploying1:26:46 – Claude for Security & AI News1:41:27 – Cheers to Two Years! 🥃🎙️ HostsJustin Leapline – @justinleaplineJoe Wynn – @wynnjoeRick Yocum – @rickyocum📬 Send Us Your Questions!ask@distilledsecuritypodcast.com🌐 Connect with UsWebsite: distilledsecuritypodcast.comX: @DisSecPodEmail: hello@distilledsecuritypodcast.com👍 Like, comment, and subscribe for monthly security and compliance insights