AI, APIs, and the Next Cyber Battleground: Black Hat 2025 – Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm – ASW #346
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it’s too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker’s dream. Blog: https://salt.security/blog/when-ai-agents-go-rogue-what-youre-missing-in-your-mcp-security Survey Report: https://content.salt.security/AI-Agentic-Survey-2025_LP-AI-Agentic-Survey-2025.html This segment is sponsored by Salt Security. Visit https://securityweekly.com/saltbh for a free API Attack Surface Assessment!
At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk. This isn’t just another AI hype talk. It’s a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue. Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc Deep Dive Demo: https://youtu.be/WnFmMiXiUuM This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh.
Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don’t wait until it’s too late to understand the risks. The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: http://about.gitlab.com/software-innovation-report/ For more information about GitLab and their report, please visit: https://securityweekly.com/gitlabbh
Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won’t save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you. This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerobh to learn more about them!
Michael Callahan is the Chief Marketing Officer at Salt Security, a leading API security firm. Appointed in October 2023, he brings over 20 years of cybersecurity executive leadership, with prior roles at Acronis, Cofense, McAfee, HP, FireMon, Juniper, and Zimperium. At Salt, he leads brand, demand generation, and global go‑to‑market strategy.
Idan is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO.
Josh Lemos is the Chief Information Security Officer at GitLab Inc., where he brings 20 years of experience leading information security teams to his role. Josh has led security teams at numerous high-growth technology companies, including ServiceNow, Cylance, and, most recently, Block (formerly known as Square). Josh’s commitment to securing technologies to make a positive impact in the world has been a common thread throughout his career. He serves as a mentor to aspiring information security professionals and is active in supporting organizations that promote diversity and inclusion in the technology industry. Josh holds a B.S. in Computer and Information Systems Security from the University of San Francisco.
Chris Boehm is the Field Chief Technology Officer (CTO) at Zero Networks. He has 15+ years of experience in cybersecurity, spanning public sector IT, cloud engineering, and executive leadership. Chris started in State and Local Government before leading hybrid infrastructure and security programs, then spent 7 years at Microsoft across Defender, Azure, and M365, delivering threat detection, identity, and compliance solutions globally. At SentinelOne, he served as Field CISO through its IPO, advising Fortune 500s on threat-informed defense, risk, and strategy. Now at Zero Networks, he helps organizations implement real zero trust and segmentation – tied to tactics, techniques and procedures, not theory – bringing hands-on credibility and an operator’s lens to modern security architecture.
