CyberRiskTV Live Coverage from RSAC 2025 Day 4

Doug White, host of the Security Weekly News, and Matt Alderman, host of Business Security Weekly, kick off day 4!

As 'vibe coding", the practice of using AI tools with specialized coding LLMs to develop software, is making waves, what are the implications for security teams? How can this new way of developing applications be made secure? Or have the horses already left the stable?

Segment Resources: https://www.backslash.security/press-releases/backslash-security-reveals-in-new-research-that-gpt-4-1-other-popular-llms-generate-insecure-code-unless-explicitly-prompted

https://www.backslash.security/blog/vibe-securing-4-1-pillars-of-appsec-for-vibe-coding

This segment is sponsored by Backslash. Visit https://securityweekly.com/backslashrsac to learn more about them!

Phishing has evolved—fast. What started as basic email scams has transformed into AI-powered cyber deception.

Phishing 1.0: Early phishing relied on spam emails, fake banking alerts, and malware links to trick users into clicking. These attacks were easy to spot but still caused billions in damage.

Phishing 2.0: Attackers got smarter—instead of mass emails, they started impersonating real people. Techniques like BEC, VEC, and ATO used hacked credentials and real email threads to fool employees into wiring money or sharing sensitive data.

Phishing 3.0: Now, cybercriminals are using AI to generate fake but highly convincing voices, videos, and images. Imagine getting a video call from your CEO asking you to approve a wire transfer—except it’s not really them. Deepfake phishing makes this possible.

IRONSCALES will be discussing the current gaps in SEG technology and will showcase industry-first innovations for protection against deepfakes.

Assessing Organizational Readiness in the Face of Emerging Cyber Threat New research reveals that deepfake-driven attacks are rising fast, with over 94% of IT professionals expressing concern about their impact on security. Download the full research report now to learn how your organization can stay ahead of these evolving threats. Link: https://ironscales.com/fall-2024-threat-report/report-download

Using AI to Enhance Defensive Cybersecurity white paper Learn how AI is reshaping both cyberattacks and defenses in this comprehensive report from Osterman Research. Based on insights from 125 security leaders, this report explores how AI is transforming cybersecurity, revealing the technologies, strategies, and priorities that will define the next era of defense. Link: https://ironscales.com/using-ai-to-enhance-defensive-cybersecurity/report-download

The Hidden Gaps of SEG Protection white paper This research-backed report, based on data from 1,921 customer environments, reveals exactly how SEGs are failing, why modern phishing attacks bypass traditional defenses, and what security teams need to do next. Link: https://secure.ironscales.com/hidden-gaps-in-seg-protection-white-paper

This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesrsac to learn more about them!

The rise of AI has largely mirrored the early days of open source software. With rapid adoption amongst developers who are trying to do more with less time, unmanaged open source AI presents serious risks to organizations. Brian Fox, CTO & Co-founder of Sonatype, will dive into the risks associated with open source AI and best practices to secure it.

This segment is sponsored by Sonatype. Visit https://securityweekly.com/sonatypersac to learn more about Sonatype's AI SCA solutions!

Segment Resources: https://www.sonatype.com/solutions/open-source-ai https://www.sonatype.com/blog/beyond-open-vs.-closed-understanding-the-spectrum-of-ai-transparency https://www.sonatype.com/resources/whitepapers/modern-development-in-ai-era

Middle market companies face unique challenges in the ever-evolving cyber environment – and the question is not whether an attack will happen but rather when and its implications on its business operations and reputation. Developing a comprehensive cybersecurity approach is a business imperative for middle market companies, and Chad Alessi will discuss the threat landscape, what’s keeping IT decision-makers awkward at night, and the best approach to creating a proactive security measure.

Cyber Resilience in Action: A Guide for Mid-Market Firms

This segment is sponsored by CTG. Visit https://securityweekly.com/ctgrsac to learn more about them!

In the evolving world of cybersecurity, the shift from a purely threat-centric mindset to a focus on operational excellence is no longer just a trend—it’s a necessity. Matthew Warner, CEO and co-founder of Blumira, argues that this shift is particularly crucial for small and mid-sized businesses (SMBs) and the managed service providers (MSPs) that support them. Matthew believes that traditional SIEM and detection solutions have historically fallen short for these organizations, often due to their complexity, high cost, and steep learning curves. As a result, many SMBs have struggled to keep up with the sophistication of modern threats. Blumira was founded to change that.

Matthew’s vision is rooted in democratizing security—making powerful, automated detection and response tools simple, affordable, and accessible for everyone, especially those who need them most. By designing platforms that prioritize operational excellence—efficiency, usability, and actionable intelligence—Blumira enables organizations to be proactive rather than reactive. During the conversation, Matthew will share insights into the latest technologies and trends transforming the cybersecurity space, and offer actionable guidance for IT decision-makers. He'll explore how shifting strategy from chasing every alert to building a solid, efficient operational foundation can lead to better outcomes and stronger protection in the long run.

• https://www.blumira.com/partners
• https://www.businesswire.com/news/home/20250326177053/en/Blumira-Launches-New-Microsoft-365-Threat-Response-Feature-for-Faster-and-

More-Efficient-Security-Operations - https://www.youtube.com/watch?v=CeARYI1HuWo&list=PLf4cQhbLPf-seA7PiwFFXGYiiwl05VJgw - https://www.blumira.com/blog/blumira-enhances-msp-partner-program-with-new-tools-and-resources

Security should be accessible to everyone. At Blumira, we’re building the future of detection and response — simple, smart, and built to empower the teams who need it most. Check out https://securityweekly.com/blumirarsac and take control of your security today.

Nightwing divested from Raytheon in April 2024 and is entering another year of redefining national security. Amid emerging threats and shifting industry regulations and compliance frameworks, traditional security measures are no longer cutting it. As Cyber Incident Response Manager at Nightwing, Nick Carroll discusses how organizations can continue to build cyber resiliency and stay one step ahead in today’s threat landscape.

This segment is sponsored by Nightwing. Visit https://securityweekly.com/nightwingrsac to learn more about them!

The surge in AI agents is creating a vast new cyber attack surface with Non-Human Identities (NHIs) becoming a prime target. This segment will explore how SandboxAQ's AQtive Guard Discover platform addresses this challenge by providing real-time vulnerability detection and mitigation for NHIs and cryptographic assets. We'll discuss the platform's AI-driven approach to inventory, threat detection, and automated remediation, and its crucial role in helping enterprises secure their AI-driven future.

To take control of your NHI security and proactively address the escalating threats posed by AI agents, visit https://securityweekly.com/sandboxaqrsac to schedule an early deployment and risk assessment.

Matt Alderman, host of Business Security Weekly, and Mandy Logan, host of Paul's Security Weekly, wrap-up another amazing RSAC conference! They'll include highlights from this year's event and what their favorite parts were!