Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 – Dave Lewis, Mike Poole, Conor Mulherin – ESW #430
Segment 1: Interview with Dave Lewis from 1Password
In this week's sponsored interview, we dive into the evolving security landscape around AI agents, where we stand with AI agent adoption. We also touch on topics such as securing credentials in browser workflows and why identity is foundational to AI agent security.
- 1Password Addresses a Critical AI Browser Agent Security Gap
- 1Password Now Available in Comet - the AI Browser by Perplexity
This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more!
Segment 2: Enterprise News
In this week's enterprise security news,
- one big acquisition, two small fundings
- not all AI is bad
- deepfakes are getting crazy good
- make sure you log what your AI agents do
- Copilot prompt injection
- NordVPN tries to pull a jedi mind trick on us
- failure rate in AI adoption is a feature not a bug?
- using facial recognition to find Tinder profiles
- a predictable squirrel story
All that and more, on this episode of Enterprise Security Weekly.
Segment 3: Two interviews from Oktane 2025
Interview with Connor Mulherin of TechSoup
The cybersecurity landscape in the nonprofit sector is evolving quickly, with organizations facing unique challenges due to limited resources, sensitive mission-driven work, and developing policies and training programs. Connor Mulherin, Director and GM of Validation Services at TechSoup, will discuss the industry's need for accessible and collaborative solutions to provide affordable technology leadership and security guidance. It will highlight how nonprofit organizations can build long-term digital resilience and combat these growing challenges.
Segment Resources:
- www.techsoup.org
- Tech Impact Launch CTO Program For Small NPOs
- Virtual Chief Technology Officer Program for the Nonprofit Sector
Interview with Mike Poole, Director of Cyber Security at Werner Enterprises
In today's digital landscape, cybersecurity is not just a technical issue—it’s a business imperative. Organizations that prioritize cybersecurity culture see fewer incidents and stronger resilience against evolving threats. But how do you foster a security-first mindset across an organization?
This session will explore the critical components of building and maintaining a robust cybersecurity culture, starting with executive leadership buy-in—a fundamental step in securing resources and driving organizational change. We’ll then dive into the power of monthly phishing exercises, which reinforce awareness and preparedness. Attendees will also learn how to develop effective training programs that engage employees at all levels and create lasting behavioral change. Finally, we’ll discuss the role of cybersecurity-themed events, particularly during Cybersecurity Awareness Month, as a powerful tool to capture attention and reinforce key security principles.
This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them!
Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password.
He is the founder of the security site Liquidmatrix Security Digest & podcast. He is currently a member of the board of directors for BSides Las Vegas. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference.
Dave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory board for the Black Hat Sector Security Conference in Canada and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others.
For fun he is a curator of small mammals (his kids) plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.
Mike Poole is the Director of Cyber Security at Werner Enterprises, with over 22 years of cybersecurity experience, including a distinguished career in the United States Air Force. A CISSP since 2012, Mike specializes in cyber risk management, incident response, and securing complex digital environments. He is passionate about building and leading high-performing cybersecurity teams that drive resilience and innovation. At Werner, he leads enterprise security strategy to protect critical infrastructure across a national logistics footprint. Outside of work, Mike enjoys archery hunting, pheasant hunting with his Llewellin Setter, building and showing cars, and woodworking.
Originally from Ireland, Conor Mulherin is General Manager of Validation Services at TechSoup, where he has spent over 20 years building the infrastructure that powers global corporate philanthropy. His work ensures that CSR teams can confidently direct donations, grants, and technology to verified nonprofits across more than 200 countries.
Conor specializes in designing secure, scalable validation systems that uphold trust and transparency in social impact programs. He has partnered with leading companies—including Okta—to streamline giving workflows, reduce risk, and maximize reach. His efforts have helped millions of nonprofits access critical resources while enabling CSR leaders to deliver measurable, mission-aligned impact.
At the core of Conor’s work is his commitment to civil society: to empower grassroots organizations, protect the integrity of giving ecosystems, and advance global collaboration for social good.
Don't miss InfoSec World 2025 — October 27 to 29 at Disney’s Coronado Springs Resort! Cybersecurity pros, workshops before and after, and endless networking. Save 25% with code ISW25-SW at securityweekly.com/ISW2025!
Adrian Sanabria
- FUNDING and M&A courtesy of the Security, Funded newsletter, issue 216 – Straight Outta [Cheltenham]
Vibe check
What level of AI governance oversight are your customers and third parties requesting?
- +++--- Actively demanding AI governance documentation
- ++++++ Some ask about AI practices in RFPs
- +++--- Occasional questions but not deal-breakers
- +----- Customers don't ask about our AI governance
FUNDING
- Conceal, a United States-based networking platform that allows for covert threat intelligence gathering and remote browser isolation, raised a $26.0M Series B from Two Bear Capital.
- Glide Identity, a United States-based authentication and identity verification platform, raised a $20.0M Series A from Crosspoint Capital Partners.
ACQUISITIONS
- Veeam to acquire Securiti for $1.7B
- ARTICLE: Curl project, swamped with AI slop, finds not all AI is bad
The big insight here is that AI can be useful in the right hands, but it takes someone experienced enough and patient enough to experiment with it and make adjustments as needed.
- AI HORRORS: “Haotian AI, the most terrifying deepfake-as-a-service I’ve ever seen.” from Jason Rebholz on LinkedIn
- AI HOPE: Reasoning Logs: When AI Explains Why
We're going to need a lot more of this transparency in the future.
- SQUIRREL: Ohio Seeks to Ban Human-AI Marriage
Jackie McGuire
Sean Metcalf
- NordVPN denies using trackers – but an app recording shows a different picture
- Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
- Experts say the high failure rate in AI adoption isn’t a bug, but a feature: ‘Has anybody ever started to ride a bike on the first try?’
Adrian: a red flag for me is that they're calling AI "transformative". We can't call a technology transformative until after the transformation happens. Until then, it's only potentially transformative ;)