Intel Chat: Tomiris cyber-espionage, OpenPLC ScadaBR, NPM manipulates AI scanners & MuddyWater [273]

Support our show by sharing your favorite episodes with a friend, subscribing, giving us a rating or leaving a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.

You Can't Have AI Security Without API Security

For most leadership teams, the question is no longer if they’ll use AI, but how to turn it into measurable business value. Success hinges on the APIs that feed, govern, and scale AI initiatives — and whether your strategy is built for speed, security, and cost efficiency. From accelerating product development to delivering real-time customer experiences, the business case for AI is clear. But without the right API strategy, AI initiatives risk falling short — driving up costs, creating compliance gaps, and limiting ROI.

Securing Agentic AI: Visibility and Protection for MCP Servers and A2A Traffic

AI agents aren’t just talking, they’re taking actions. They’re booking transactions, pulling sensitive data, and chaining tools together to get work done. As enterprises embrace these agents, protocols like the Model Context Protocol (MCP) and Agent-to-Agent (A2A) are enabling powerful new capabilities, but also creating invisible ecosystems of API-driven agent activity that traditional security tools can’t see or control.

When AI Agents go Rogue: What you're Missing in your MCP Security

No Fluff, Just Real-World Threats. This isn’t your typical marketing webinar. We cover what Agentic AI actually looks like in production, how MCP servers work to broker instructions, and what kind of new threats are emerging. Agentic AI isn’t coming. It’s already here. Autonomous agents are now operating in production environments, reasoning, remembering, and taking real actions across your systems. They’re not just generating content. They’re triggering workflows, modifying records, and making decisions. And they’re doing it over APIs.

How Salt Security & AWS Simplify API Security

See your Blind Spots in Minutes, not Months: How Salt Security & AWS Simplify API Security. AI agents and cloud-native architectures have unleashed a wave of APIs and, with them, new attack surfaces. Most security teams are struggling to keep up, especially in dynamic AWS environments where shadow and zombie APIs can easily go undetected. This Salt Security and AWS webinar explores a better approach to API discovery and security in AWS without the burden of in-line traffic collection or sensor deployments.

Ep 9 - Inside Volt Typhoon: Defending Against Chinese State-Sponsored Cyber Threats

In this podcast, we uncover the tactics behind Volt Typhoon, a Chinese state-sponsored operation targeting critical national infrastructure. Learn how this group is moving from espionage to disruption, using stealthy, “living off the land” techniques and exploiting legitimate system tools to hide in plain sight.

The Real Remediation Bottleneck

Most teams think vulnerability scanning equals progress. But scanning without effective remediation is just expensive noise. Two things block real fixes: Meanwhile, our own research shows as much as 30% of vulnerabilities in transitive dependencies remain unresolved, simply because upgrades break production. That means most organizations aren’t “secure”. They’re sitting on unfixed issues their scanners excluded.

What are you doing to stay safe from supply chain attacks?

Automatic updates were supposed to make us safer. Instead, they’ve become one of the easiest entry points for supply-chain attacks. When a public repository is compromised, an attacker uploads a malicious version and waits, for 30 minutes to a few hours, before the community detects and removes it. During that window, automated tools like Dependabot can pull that version straight into production. That small window of time is enough to compromise thousands of systems.

Close the "Unfixable" Vulnerability Gap

30% of open source vulnerabilities are marked “unfixable”. Not because they can’t be fixed but because traditional tools stop there. Your customers don’t care. They just see unresolved CVEs. And they won’t sign off on software that fails a scan. That’s where the real business risk lies. In mid-size software companies, “unfixable” means delayed deals, failed audits, and lost revenue. Seal Security was built to close that 30% gap.

Deepfake Candidates Are Getting Hired - Here's How

Hiring in 2025: Is the person you hired even real? Deepfake resumes. Outsourced interviews. Candidates landing jobs they never intended to do. We've moved from KYC to KYE, and organizations haven't caught up yet. In the latest episode of The Connectivity Cloud Podcast, we explore how attackers are weaponizing the job market with Vladimir Krupnov and Blake Darché. For anyone in hiring, HR tech, or security leadership, this is a must-listen.