The Secure Developer

We are thrilled to welcome Sanjay Poonen, CEO of Cohesity, to the latest episode of The Secure Developer! In this conversation, Sanjay joins host Danny Allan to discuss the convergence of data protection, security, and AI. Sanjay shares his unique perspective on how "secondary data" (backups and archives) is becoming the gold mine for enterprise AI, and how organizations can leverage Retrieval-Augmented Generation (RAG) to get value from this data without compromising security. They also dive into: - The "Act 1, Act 2, Act 3" strategy of Cohesity: Data Protection, Security, and AI - How unstructured data is the next frontier for Generative AI - The critical importance of identity resilience for both human and non-human AI agents. - Sanjay’s experience working with NVIDIA and Jensen Huang to build AI capabilities on top of data storage Listen to the full episode to hear how Cohesity is pioneering the future of AI security: https://bit.ly/4qfIPtP #AI #Cybersecurity #DataProtection #TheSecureDeveloper

"Vector embeddings are just math, right?" That is the question Nicolas Dupont, CEO and Founder of Cyborg, poses in our latest episode. While we often focus on "AI for Security"—using AI to find vulnerabilities—this episode flips the script to discuss "Security for AI." Danny Allan sits down with Nicolas to explore the largely invisible risks hiding in enterprise AI workflows, specifically within vector databases. They discuss: - Why vector embeddings are not one-way hashes and can be reversed to expose original data. - The massive attack surface created by centralizing proprietary data into vector stores. - The dangers of over-provisioned agents and prompt injection attacks. - How to maintain privacy compliance (GDPR, HIPAA) while adopting agentic AI. If your organization is rushing to get ROI from AI investments, this is a must-listen on securing the infrastructure that powers it. Episode link: https://lnkd.in/gj6rcQjP

Our latest episode is live! This week, we're sitting down with Paul Querna, CTO at ConductorOne, to explore the future of identity and access management in the age of AI. Paul dives into why authentication is considered "solved-ish" but authorization remains the next big security challenge, and how the rise of AI agents is creating a new world of ephemeral, just-in-time access needs. Paul also shares his optimistic view on how AI can eliminate human toil in security and empower IAM teams to focus on strategic work, ultimately making organizations more secure. Tune in to hear their full discussion on autonomous identity governance and what it means for the future of DevSecOps. Listen here: https://lnkd.in/gVxvr8yM

What is RAG, and how is it different from fine-tuning a Large Language Model (LLM)? In this episode of The Secure Developer, Snyk CTO Danny Allan sits down with Bob Remeika, the co-founder and CEO of Ragie, to demystify retrieval-augmented generation (RAG) and the world of AI agents. Bob explains how RAG provides context for LLMs that they haven't been trained on, and how it can be used in combination with fine-tuning. They also explore how RAG handles different data formats, from PDFs to audio and video. The conversation also covers practical use cases for AI, including internal chatbots and agents that can act on data, and the security considerations for these applications, such as data segmentation and authorization. Bob and Danny also discuss the industry's shift towards more complex "agentic" flows and how they may help combat hallucinations. Listen to the full episode here: https://lnkd.in/gUxcAdkS

What does it take to secure the future of AI? On the latest episode of The Secure Developer our host Danny Allan, CTO at Snyk, sits down with Peter Garraghan, CEO of Mindgard and a Professor at Lancaster University. They explore how AI security isn't just a technical problem but a societal one, discussing the evolution of deep neural networks and why traditional AppSec tools fall short. They also delve into real-world AI attacks, from OS command injection to the challenges of red teaming a non-deterministic system. Listen to the full episode: https://lnkd.in/grqW5uzP

After a bit of summer break, we're BACK with a brand new episode. This one's a CAN'T MISS episode with one of our favorite people, Michael Grinich, the Founder and CEO of WorkOS. MG and Danny Allan have a fantastic conversation about everything from the democratization of app creation (think AI as the new GarageBand  ) to the security challenges of "vibe coding" and the exciting potential of open standards like MCP. P.S. WorkOS's recent MCP Night (https://lnkd.in/db8brNNF) event was incredible, and WorkOS is doing a tremendous job in the AI integration space. Here's a link to the episode for listening, available on all your favorite platforms: https://lnkd.in/d-iG6eEF

Ever wonder how Platform Engineering REALLY evolved and where it's headed?🤔 Our latest episode of The Secure Developer gets into it with the brilliant Cory ODaniel, CEO and Co-founder of Massdriver! Snyk's own Danny Allan chats with Cory about his journey from the front lines of IaC and early EC2 days to leading Massdriver. Cory doesn't hold back with advice for developers dreaming of the CEO chair – like why getting out and talking to people is non-negotiable. We unpack the often-fuzzy definition of DevOps, the real-world headaches of IaC abstractions, and why those one-size-fits-all open-source modules might not be your best bet. Plus, Cory shares his grounded take on AI in ops – spoiler: it's not magic (yet). And, crucially, how we can actually "shift security left" by baking it into platform engineering from day one. Here's the link to the episode if you want to give it a listen: https://lnkd.in/g4c35nas